Windows Analysis Report
freekernelpstviewer.exe

Overview

General Information

Sample name: freekernelpstviewer.exe
Analysis ID: 1523496
MD5: e761750e919f40a6efdfbd8bb51b9fe5
SHA1: 7fbd636fdf04b0fba858c70f4704a6eb1a6be15c
SHA256: 4e2eb12620d5c06822913b82decc1c44d272082ce75a266e0ec3ab4e38c52ab9

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • freekernelpstviewer.exe (PID: 6348 cmdline: "C:\Users\user\Desktop\freekernelpstviewer.exe" MD5: E761750E919F40A6EFDFBD8BB51B9FE5)
    • freekernelpstviewer.tmp (PID: 6460 cmdline: "C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp" /SL5="$10432,4877973,80384,C:\Users\user\Desktop\freekernelpstviewer.exe" MD5: 94A04BEE414E9B518666B1303AAA6AE2)
      • regsvr32.exe (PID: 340 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 4464 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 6064 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • regsvr32.exe (PID: 1440 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • regsvr32.exe (PID: 4192 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • regsvr32.exe (PID: 2312 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • regsvr32.exe (PID: 2084 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 1880 cmdline: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 4092 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.OCX" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • Kernel Outlook PST Viewer.exe (PID: 2896 cmdline: "C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe" MD5: BC8F3E0E63BDABEE5917BBC545D16D31)
      • chrome.exe (PID: 3300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1856,i,4981765526884018428,11496894683768264734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: freekernelpstviewer.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: freekernelpstviewer.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.4:54607 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54608 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54609 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54610 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54649 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54656 version: TLS 1.2
Source: freekernelpstviewer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00476120 FindFirstFileA,FindNextFileA,FindClose,2_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004531A4 FindFirstFileA,GetLastError,2_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_00463344 FindFirstFileA,FindNextFileA,FindClose,2_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp Code function: 2_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_0049998C
Source: global traffic TCP traffic: 192.168.2.4:64132 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.4:54606 -> 162.159.36.2:53
Source: Joe Sandbox View IP Address: 150.171.27.10 150.171.27.10
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: global trafficHTTP traffic detected: GET /imagenew20/what-makes-effect-bg.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global trafficHTTP traffic detected: GET /imagenew20/bnr-thanku.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global trafficHTTP traffic detected: GET /imagenew20/prod-spr-El.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global trafficHTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global trafficHTTP traffic detected: GET /improvely.js HTTP/1.1Host: lepide.iljmp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /imagenew20/arw-menu.png HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
Source: global trafficHTTP traffic detected: GET /improvely.js HTTP/1.1Host: lepide.iljmp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=ZrxawPMx5H/sa4nLsgB/olJy8M171KLkW8yl63McqD8VzfzD/V3HSZ7rOD/+XwPIIGPzAWUC4fy1KURA7aCWPjbf6oEQbZ3e0z4Gb5mkHMmOrl3xQhUmLkjoc9lc
Source: global trafficHTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global trafficHTTP traffic detected: GET /p/action/138001625.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global trafficHTTP traffic detected: GET /track/click?product=2&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&screen=1280x1024x24&identity=&rand=796 HTTP/1.1Host: lepide.iljmp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW
Source: global trafficHTTP traffic detected: GET /p/action/138001625.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global trafficHTTP traffic detected: GET /action/0?ti=138001625&tm=gtm002&Ver=2&mid=4990f006-1680-41ab-9fed-41cbaccf42df&sid=9bc31e90800911ef948eb5c6372e0fee&vid=9bc36200800911ef8321f7e7a4dacb97&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&p=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&r=&lt=8050&evt=pageLoad&sv=1&cdb=AQAQ&rn=586376 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global trafficHTTP traffic detected: GET /td/rul/1057256791?random=1727796422723&cv=11&fst=1727796422723&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&ct_cookie_present=0 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__PM4biFMzUH6O9d1ZH1mgJU_OXBioJa9Qg&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, 
brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k&is_vtc=1&cid=CAQSGwDpaXnfV9_JuXh1IjkO3QY5AY7-YlWPalGYKw&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__MZHRD6ZuWolVe9kVwB_oqBhNjQsS9Vg8g&random=3693467989 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: 
https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /track/click?product=2&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&screen=1280x1024x24&identity=&rand=796 HTTP/1.1Host: lepide.iljmp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW; AWSALBCORS=Y/IuQg9mwMNB0WnXbO8RhZgww0+9OLRWCrdNpwIh9BRsVnwMoqMRfTsBdorDHAQQds/JFdtuL67Co0BcRH0X630J8wLy/KQD4drcG2JxstMVu0IRa60Ls7ZsJPXY; symfony=mt2md1q4obphaejecink4sfa7c; lepide_2=85af5be9e818ed15846cc4d04f726994
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k&is_vtc=1&cid=CAQSGwDpaXnfV9_JuXh1IjkO3QY5AY7-YlWPalGYKw&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__MZHRD6ZuWolVe9kVwB_oqBhNjQsS9Vg8g&random=3693467989 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: 
https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420; lepide_2_init=1727796421787; _ga_Q687VE4VEB=GS1.1.1727796422.1.0.1727796422.0.0.0; _ga=GA1.1.681739815.1727796422; _uetsid=9bc31e90800911ef948eb5c6372e0fee; _uetvid=9bc36200800911ef8321f7e7a4dacb97; lepide_2=85af5be9e818ed15846cc4d04f726994
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5rcy1mb3ItaW5zdGFsbGluZy1rZXJuZWwtcHN0LXZpZXdlci5odG1sQldDaEFJOEx2dXR3WVFqLVhoMHNHTF9JMWZFaTBBcnhOaXJIbzR6eHlhdlF1VlpTUjF5c0V5TDNQam4tWGRtZGphSG5teDFPaGpKSTF5d1dMTEQ3RFN0a1k&is_vtc=1&cid=CAQSGwDpaXnfV9_JuXh1IjkO3QY5AY7-YlWPalGYKw&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__MZHRD6ZuWolVe9kVwB_oqBhNjQsS9Vg8g&random=3693467989 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.nucleustechnologies.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420; lepide_2_init=1727796421787; _ga_Q687VE4VEB=GS1.1.1727796422.1.0.1727796422.0.0.0; _ga=GA1.1.681739815.1727796422; _uetsid=9bc31e90800911ef948eb5c6372e0fee; _uetvid=9bc36200800911ef8321f7e7a4dacb97; lepide_2=85af5be9e818ed15846cc4d04f726994
Source: freekernelpstviewer.exe, 00000001.00000003.1737345146.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000002.2999189446.0000000002091000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000002.2999804788.00000000021C8000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000003.1745843062.00000000021C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.nucleustechnologies.com/Support.html2
Source: freekernelpstviewer.tmp, 00000002.00000002.3000302337.0000000006087000.00000004.00001000.00020000.00000000.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106424647.0000000002F9F000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.drString found in binary or memory: http://www.nucleustechnologies.com/downloadgs.htmlPA
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.drString found in binary or memory: http://www.nucleustechnologies.com/how-pst-viewer-works.htmlHH.EXE-mapid
Source: freekernelpstviewer.exe, 00000001.00000003.1737247424.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000003.1745506949.0000000003100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.nucleustechnologies.com/http://www.nucleustechnologies.com/Support.html
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.drString found in binary or memory: http://www.nucleustechnologies.com/pst-viewer.htmlmailto:sales
Source: freekernelpstviewer.exe, 00000001.00000003.1737928534.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000003.1738291916.0000000002098000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, freekernelpstviewer.tmp, 00000002.00000000.1741148152.0000000000401000.00000020.00000001.01000000.00000004.sdmp, freekernelpstviewer.tmp.1.dr, is-IGNSG.tmp.2.drString found in binary or memory: http://www.remobjects.com/ps
Source: freekernelpstviewer.exe, 00000001.00000003.1737928534.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000003.1738291916.0000000002098000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000000.1741148152.0000000000401000.00000020.00000001.01000000.00000004.sdmp, freekernelpstviewer.tmp.1.dr, is-IGNSG.tmp.2.drString found in binary or memory: http://www.remobjects.com/psU
Source: Kernel Outlook PST Viewer.exe, 00000010.00000002.3015257701.0000000003100000.00000004.00000020.00020000.00000000.sdmp, is-TEVFK.tmp.2.dr, wbk8331.tmp.16.drString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/cssnew/freeware-download.css
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/cssnew/menu-update-2023.css
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/data-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/database-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/dbf-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/de/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/edb-to-pst.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/email-migration.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/email-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/email-to-pdf-converter/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/eml-to-pst.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/employee-monitoring/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/es/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/eula.pdf
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/exchange-migration/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/exchange-server-backup/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/exchange-server-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/exchange-suite.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/export-office-365-to-pst/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/find-partners.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/fr/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/g-suite-backup/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/g-suite-to-office-365/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/gmail-backup/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/google-drive-migration/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/how-pst-viewer-works.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/how-to/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/image-to-pdf.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew/dmca.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew/dmca.png?ID=ca3ccfe6-3d1a-4c62-aacd-e28198ab9e61
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew/dmca.webp
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/add-to-cart-min.png)
Source: chromecache_242.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/arw-menu-up.png)
Source: chromecache_242.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/arw-menu.png)
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/bllt-tick.png)
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-1.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-2.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-3.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cli-4.png
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/clients-spr2.png)
Source: chromecache_242.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/cloud-serv-bg.png)
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/down-load-D.png);position:
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/logo.avif
Source: chromecache_242.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/prod-spr-El.png)
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/shape-buy-del.png)
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/shp-demo.png)
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc002.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc002.webp
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc003.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc003.webp
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc004.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc004.webp
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc005.png
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/soc005.webp
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/sprite-icn.png)
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/tick-book-black.png)
Source: chromecache_272.19.drString found in binary or memory: https://www.nucleustechnologies.com/imagenew20/what-makes-effect-bg.png)
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imap-backup/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/imap-migration/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/import-pst-to-office-365/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/installation/outlook-pst-viewer.pdf
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/it/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/jsnew/bootstrap.bundleV5.2.min.js
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/jsnew/customscript.js
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/jsnew/jquery-v3.6.3.js
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/kernel-store/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/kernel-suites.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/linux-data-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/lotus-notes-local-security-removal.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/lotus-notes-to-office365.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/lotus-notes-to-outlook.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/mbox-to-pst.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/merge-pst/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/microsoft-teams-backup/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/microsoft-teams-migration/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/ms-office-file-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/mysql-repair.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/nfr-license.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/nl/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/notes-conversion-suite.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/ntjs/cookie.notice.js
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/ntsearch/results.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/offers/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/office-365-backup/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/office-365-migration/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/olm-to-pst.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/oracle-database-recovery/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/ost-to-pst-converter.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/outlook-duplicates-remover.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/outlook-errors/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/outlook-express-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/outlook-password-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/outlook-pst-repair.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/outlook-suite.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/outlook-tools.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/partner-resources.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/partners-programme.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pdf-converter/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pdf-extractor/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pdf-repair.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pdf-restriction-remover.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pdf-to-word.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pdf-tools.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/photo-recovery/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/photo-repair/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/products.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pst-converter/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pst-split.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/pst-viewer.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/publisher-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/repair-access-database.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/repair-excel-file.php
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/repair-powerpoint-file.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/repair-word-file.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/resellers-programme.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/services/cloud-migration/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/sharepoint-document-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/sharepoint-migration/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/sitemap.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/sitemap.xml
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/split-pdf.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/sql-backup-recovery/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/sql-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/sqlite-database-recovery/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/supportcenter/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/supportcenter/knowledgebase
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/tape-data-recovery.html
Source: unins000.dat.2.drString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html2
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html8
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html?msg=Thanks
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlK
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlZ
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlbu
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmle
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlf
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlhttps://www.nucleust
Source: freekernelpstviewer.tmp, 00000002.00000002.2999480860.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmli
Source: freekernelpstviewer.tmp, 00000002.00000002.2999066618.0000000000540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmllC:
Source: freekernelpstviewer.tmp, 00000002.00000002.2999827187.00000000021E1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.htmlnel
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/vhd-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/video-repair/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/vmdk-recovery/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/windows-data-recovery.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/word-to-pdf.html
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/zimbra-mailbox-backup/
Source: chromecache_249.19.drString found in binary or memory: https://www.nucleustechnologies.com/zip-repair.html
Source: chromecache_249.19.drString found in binary or memory: https://www.youtube.com/KernelDataRecovery
Source: chromecache_191.19.dr, chromecache_217.19.drString found in binary or memory: https://www.youtube.com/iframe_api
Source: sets.json.17.drString found in binary or memory: https://yours.co.uk
Source: sets.json.17.drString found in binary or memory: https://zdrowietvn.pl
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.4:54607 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54608 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54609 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:54610 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54649 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:54656 version: TLS 1.2
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeCode function: 16_2_2000686B GetKeyState,GetKeyState,GetKeyState,GetKeyState,16_2_2000686B
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeCode function: 16_2_20010CC7 GetKeyState,GetKeyState,GetKeyState,16_2_20010CC7
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeCode function: 16_2_20006D21 GetKeyState,GetKeyState,GetKeyState,GetKeyState,16_2_20006D21
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeCode function: 16_2_20017FD3 GetKeyState,GetKeyState,GetKeyState,ReleaseCapture,DoDragDrop,16_2_20017FD3
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0042F9C0 NtdllDefWindowProc_A,2_2_0042F9C0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00423FD4 NtdllDefWindowProc_A,2_2_00423FD4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00412A28 NtdllDefWindowProc_A,2_2_00412A28
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00479D08 NtdllDefWindowProc_A,2_2_00479D08
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00457D90 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,2_2_00457D90
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0042ED84: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,2_2_0042ED84
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_004098E8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_00455D80
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Windows\SysWOW64\is-1E6U8.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3300_1558915851\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\chrome_BITS_3300_1054330487
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00446274 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 0040596C appears 114 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00453AAC appears 97 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 0043497C appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00458718 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00403400 appears 62 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 0040905C appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00407D44 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00446544 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 0045850C appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 0040357C appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00406F14 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: String function: 00403684 appears 229 times
Source: freekernelpstviewer.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: freekernelpstviewer.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: freekernelpstviewer.tmp.1.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-IGNSG.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-IGNSG.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-IGNSG.tmp.2.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: freekernelpstviewer.exe, 00000001.00000003.1737928534.0000000002300000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs freekernelpstviewer.exe
Source: freekernelpstviewer.exe, 00000001.00000003.1738291916.0000000002098000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs freekernelpstviewer.exe
Source: freekernelpstviewer.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engineClassification label: clean7.winEXE@45/199@11/9
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004565A8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,2_2_004565A8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00456DD4 CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,2_2_00456DD4
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_0040A0D4 FindResourceA,SizeofResource,LoadResource,LockResource,1_2_0040A0D4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Program Files (x86)\Kernel Outlook PST Viewer
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{71993500-DCC6-49b5-9C61-DE9117608DSA}
Source: C:\Users\user\Desktop\freekernelpstviewer.exeFile created: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\freekernelpstviewer.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: freekernelpstviewer.exeString found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: freekernelpstviewer.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\freekernelpstviewer.exeFile read: C:\Users\user\Desktop\freekernelpstviewer.exe
Source: unknownProcess created: C:\Users\user\Desktop\freekernelpstviewer.exe "C:\Users\user\Desktop\freekernelpstviewer.exe"
Source: C:\Users\user\Desktop\freekernelpstviewer.exeProcess created: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp "C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp" /SL5="$10432,4877973,80384,C:\Users\user\Desktop\freekernelpstviewer.exe"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.OCX"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe "C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe"
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1856,i,4981765526884018428,11496894683768264734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\freekernelpstviewer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\freekernelpstviewer.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: redemption.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: profman.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: redemption.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: profman.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: redemption64.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: profman64.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: oledlg.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: zlib1.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: oledlg.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: riched32.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: riched20.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: usp10.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: msls31.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: msiso.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: inetcomm.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: msoert2.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: inetres.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: mlang.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: Kernel Outlook PST Viewer.lnk.2.drLNK file: ..\..\..\..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
Source: Uninstall Kernel Outlook PST Viewer .lnk.2.drLNK file: ..\..\..\..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe
Source: Kernel Outlook PST Viewer .lnk.2.drLNK file: ..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
Source: Kernel Outlook PST Viewer.lnk0.2.drLNK file: ..\..\..\..\..\..\..\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpAutomated click: Install
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeAutomated click: OK
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeAutomated click: Next >
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeFile opened: C:\Windows\SysWOW64\RICHED32.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeWindow detected: Number of UI elements: 44
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeWindow detected: Number of UI elements: 40
Source: freekernelpstviewer.exeStatic PE information: certificate valid
Source: freekernelpstviewer.exeStatic file information: File size 5169960 > 1048576
Source: freekernelpstviewer.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00450994
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_00406A18 push 00406A55h; ret 1_2_00406A4D
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_004040B5 push eax; ret 1_2_004040F1
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_00404185 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_00404206 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_004042E8 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_00404283 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_004093B4 push 004093E7h; ret 1_2_004093DF
Source: C:\Users\user\Desktop\freekernelpstviewer.exeCode function: 1_2_00408580 push ecx; mov dword ptr [esp], eax1_2_00408585
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00409D9C push 00409DD9h; ret 2_2_00409DD1
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0041A078 push ecx; mov dword ptr [esp], ecx2_2_0041A07D
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00452100 push ecx; mov dword ptr [esp], eax2_2_00452105
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0040A273 push ds; ret 2_2_0040A29D
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004062C4 push ecx; mov dword ptr [esp], eax2_2_004062C5
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0040A29F push ds; ret 2_2_0040A2A0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00460518 push ecx; mov dword ptr [esp], ecx2_2_0046051C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00496594 push ecx; mov dword ptr [esp], ecx2_2_00496599
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004587B4 push 004587ECh; ret 2_2_004587E4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00410930 push ecx; mov dword ptr [esp], edx2_2_00410935
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00486A94 push ecx; mov dword ptr [esp], ecx2_2_00486A99
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00478D50 push ecx; mov dword ptr [esp], edx2_2_00478D51
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00412D78 push 00412DDBh; ret 2_2_00412DD3
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0040D288 push ecx; mov dword ptr [esp], edx2_2_0040D28A
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0040546D push eax; ret 2_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0040553D push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004055BE push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0040563B push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004056A0 push 00405749h; ret 2_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0040F7E8 push ecx; mov dword ptr [esp], edx2_2_0040F7EA
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004438E0 push ecx; mov dword ptr [esp], ecx2_2_004438E4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00459ACC push 00459B10h; ret 2_2_00459B08
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0049BD44 pushad ; retf 2_2_0049BD53
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Windows\SysWOW64\is-1E6U8.tmpJump to dropped file
Source: C:\Users\user\Desktop\freekernelpstviewer.exeFile created: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-IGNSG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-TAPQG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Users\user\AppData\Local\Temp\is-1BHTD.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Windows\SysWOW64\RICHTX32.OCX (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-I80GQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\Program Files (x86)\Kernel Outlook PST Viewer\zlib1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel Outlook PST ViewerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel Outlook PST Viewer\Uninstall Kernel Outlook PST Viewer .lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,2_2_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00422CAC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,2_2_00422CAC
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0041811E IsIconic,SetWindowPos,2_2_0041811E
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00418120 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,2_2_00418120
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004245E4 IsIconic,SetActiveWindow,2_2_004245E4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0042462C IsIconic,SetActiveWindow,SetFocus,2_2_0042462C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004187D4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,2_2_004187D4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_00484D28 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,2_2_00484D28
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0042F71C IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow,2_2_0042F71C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_004179E8 IsIconic,GetCapture,2_2_004179E8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpCode function: 2_2_0041F568 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_0041F568
Source: C:\Users\user\Desktop\freekernelpstviewer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeMemory allocated: 5DA0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\is-1E6U8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpDropped PE file which has not been started: C:\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpDropped PE file which has not been started: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-IGNSG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1BHTD.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmpDropped PE file which has not been started: C:\Program Files (x86)\Kernel Outlook PST Viewer\is-I80GQ.tmpJump to dropped file
Source: C:\Users\user\Desktop\freekernelpstviewer.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_1-6006
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exeAPI coverage: 0.6 %
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_00476120 FindFirstFileA,FindNextFileA,FindClose,2_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_004531A4 FindFirstFileA,GetLastError,2_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_00463344 FindFirstFileA,FindNextFileA,FindClose,2_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_0049998C
Source: C:\Users\user\Desktop\freekernelpstviewer.exe - Code function: 1_2_0040A018 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,1_2_0040A018
Source: C:\Users\user\Desktop\freekernelpstviewer.exe - API call chain: ExitProcess graph end node graph_1-6720
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00450994
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Code function: 16_2_20001821 HeapAlloc,GetProcessHeap,16_2_20001821
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_0047974C ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,2_2_0047974C
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_0042F254 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA,2_2_0042F254
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_0042E4EC AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,2_2_0042E4EC
Source: C:\Users\user\Desktop\freekernelpstviewer.exe - Code function: GetLocaleInfoA,1_2_0040565C
Source: C:\Users\user\Desktop\freekernelpstviewer.exe - Code function: GetLocaleInfoA,1_2_004056A8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: GetLocaleInfoA,2_2_004089B8
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: GetLocaleInfoA,2_2_00408A04
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Code function: EnterCriticalSection,GetLocaleInfoA,GetLocaleInfoA,LoadStringA,wsprintfA,GetModuleFileNameA,LoadLibraryA,LoadLibraryA,lstrlenA,wsprintfA,LoadLibraryA,GetLocaleInfoA,lstrlenA,LoadLibraryA,wsprintfA,LoadLibraryA,LeaveCriticalSection,GetModuleFileNameA,16_2_20007BD0
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Code function: lstrcpyA,GetLocaleInfoA,lstrcpyA,CharNextA,CharNextA,lstrcpyA,CharNextA,16_2_20007E15
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_00458DC4 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,2_2_00458DC4
Source: C:\Users\user\Desktop\freekernelpstviewer.exe - Code function: 1_2_004026C4 GetSystemTime,1_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp - Code function: 2_2_00455D38 GetUserNameA,2_2_00455D38
Source: C:\Users\user\Desktop\freekernelpstviewer.exe - Code function: 1_2_00404654 GetModuleHandleA,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy,1_2_00404654
Source: C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (2) | DLL Side-Loading (1) | Exploitation for Privilege Escalation (1) | Deobfuscate/Decode Files or Information (1) | Input Capture (1) | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (1) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
Credentials | Domains | Default Accounts | Command and Scripting Interpreter (2) | Registry Run Keys / Startup Folder (1) | DLL Side-Loading (1) | Obfuscated Files or Information (2) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Input Capture (1) | Encrypted Channel (11) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Access Token Manipulation (1) | DLL Side-Loading (1) | Security Account Manager | File and Directory Discovery (2) | SMB/Windows Admin Shares | Data from Network Shared Drive | Non-Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Process Injection (12) | File Deletion (1) | NTDS | System Information Discovery (26) | Distributed Component Object Model | Input Capture | Application Layer Protocol (3) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Registry Run Keys / Startup Folder (1) | Masquerading (22) | LSA Secrets | Security Software Discovery (1) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Virtualization/Sandbox Evasion (11) | Cached Domain Credentials | Virtualization/Sandbox Evasion (11) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Access Token Manipulation (1) | DCSync | Process Discovery (1) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Process Injection (12) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Regsvr32 (1) | /etc/passwd and /etc/shadow | System Owner/User Discovery (3) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Source | Detection | Scanner | Label | Link
freekernelpstviewer.exe | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe (copy) | 0% | ReversingLabs | |
C:\Program Files (x86)\Kernel Outlook PST Viewer\is-I80GQ.tmp | 0% | ReversingLabs | |
C:\Program Files (x86)\Kernel Outlook PST Viewer\is-IGNSG.tmp | 4% | ReversingLabs | |
C:\Program Files (x86)\Kernel Outlook PST Viewer\is-TAPQG.tmp | 0% | ReversingLabs | |
C:\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe (copy) | 4% | ReversingLabs | |
C:\Program Files (x86)\Kernel Outlook PST Viewer\zlib1.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-1BHTD.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp | 5% | ReversingLabs | |
C:\Windows\SysWOW64\RICHTX32.OCX (copy) | 0% | ReversingLabs | |
C:\Windows\SysWOW64\is-1E6U8.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
googleads.g.doubleclick.net | 216.58.206.34 | true | false | | unknown
improvely-com-2021-1842759544.us-east-1.elb.amazonaws.com | 3.224.56.91 | true | false | | unknown
www.google.com | 172.217.18.4 | true | false | | unknown
td.doubleclick.net | 142.250.185.130 | true | false | | unknown
nucleustechnologies.com | 67.227.166.81 | true | false | | unknown
ax-0001.ax-msedge.net | 150.171.27.10 | true | false | | unknown
www.nucleustechnologies.com | unknown | unknown | false | | unknown
lepide.iljmp.com | unknown | unknown | false | | unknown
secure.livechatinc.com | unknown | unknown | false | | unknown
206.23.85.13.in-addr.arpa | unknown | unknown | false | | unknown
api.livechatinc.com | unknown | unknown | false | | unknown
accounts.livechatinc.com | unknown | unknown | false | | unknown
cdn.livechatinc.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.nucleustechnologies.com/imagenew20/prod-spr-El.png | false | | unknown
https://www.nucleustechnologies.com/imagenew20/cli-4.png | false | | unknown
https://www.nucleustechnologies.com/imagenew/dmca.webp | false | | unknown
https://www.nucleustechnologies.com/cssnew/freeware-download.css | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                  https://salemovefinancial.comsets.json.17.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://mercadopago.com.brsets.json.17.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://www.nucleustechnologies.com/zimbra-mailbox-backup/chromecache_249.19.drfalse
                                                                                                    unknown
                                                                                                    https://commentcamarche.netsets.json.17.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://hj.rssets.json.17.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://reactjs.org/link/react-polyfillschromecache_230.19.dr, chromecache_250.19.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://www.cknotes.com/?p=217WSAECONNRESETKernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.drfalse
                                                                                                      unknown
                                                                                                      https://hearty.mesets.json.17.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://mercadolibre.com.gtsets.json.17.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://indiatodayne.insets.json.17.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://www.nucleustechnologies.com/bkf-repair.htmlchromecache_249.19.drfalse
                                                                                                        unknown
                                                                                                        https://idbs-staging.comsets.json.17.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://mercadolibre.co.crsets.json.17.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://prisjakt.nosets.json.17.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://kompas.comsets.json.17.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://www.nucleustechnologies.com/edb-to-pst.htmlchromecache_249.19.drfalse
                                                                                                          unknown
                                                                                                          https://player.plsets.json.17.drfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://mercadopago.com.arsets.json.17.drfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://mercadolibre.com.hnsets.json.17.drfalse
                                                                                                            unknown
                                                                                                            https://tucarro.com.cosets.json.17.drfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://terazgotuje.plsets.json.17.drfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://cdn.livechatinc.com/direct-link/livechat-chat-with-us.pngchromecache_183.19.drfalse
                                                                                                              unknown
                                                                                                              https://www.dmca.com/Protection/Status.aspx?ID=ca3ccfe6-3d1a-4c62-aacd-e28198ab9e61&amp;refurl=httpschromecache_249.19.drfalse
                                                                                                                unknown
                                                                                                                http://www.remobjects.com/psUfreekernelpstviewer.exe, 00000001.00000003.1737928534.0000000002300000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.exe, 00000001.00000003.1738291916.0000000002098000.00000004.00001000.00020000.00000000.sdmp, freekernelpstviewer.tmp, 00000002.00000000.1741148152.0000000000401000.00000020.00000001.01000000.00000004.sdmp, freekernelpstviewer.tmp.1.dr, is-IGNSG.tmp.2.drfalse
                                                                                                                  unknown
                                                                                                                  http://www.cknotes.com/?p=217Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.drfalse
                                                                                                                    unknown
                                                                                                                    https://www.nucleustechnologies.com/repair-excel-file.phpchromecache_249.19.drfalse
                                                                                                                      unknown
                                                                                                                      http://www.cknotes.com/?p=210Kernel Outlook PST Viewer.exe, 00000010.00000002.3000442623.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, Kernel Outlook PST Viewer.exe, 00000010.00000000.2106240011.0000000000BF3000.00000002.00000001.01000000.0000000A.sdmp, is-TAPQG.tmp.2.drfalse
                                                                                                                        unknown
                                                                                                                        • No. of IPs < 25%
                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false
216.58.206.34 | googleads.g.doubleclick.net | United States | 15169 | GOOGLEUS | false
67.227.166.81 | nucleustechnologies.com | United States | 32244 | LIQUIDWEBUS | false
150.171.27.10 | ax-0001.ax-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
3.224.56.91 | improvely-com-2021-1842759544.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.130 | td.doubleclick.net | United States | 15169 | GOOGLEUS | false
                                                                                                                        IP
                                                                                                                        192.168.2.8
                                                                                                                        192.168.2.4
                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                        Analysis ID:1523496
                                                                                                                        Start date and time:2024-10-01 17:25:14 +02:00
                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                        Overall analysis duration:0h 7m 27s
                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                        Report type:full
                                                                                                                        Cookbook file name:default.jbs
                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                        Number of analysed new started processes analysed:21
                                                                                                                        Number of new started drivers analysed:0
                                                                                                                        Number of existing processes analysed:0
                                                                                                                        Number of existing drivers analysed:0
                                                                                                                        Number of injected processes analysed:0
                                                                                                                        Technologies:
                                                                                                                        • HCA enabled
                                                                                                                        • EGA enabled
                                                                                                                        • AMSI enabled
                                                                                                                        Analysis Mode:default
                                                                                                                        Analysis stop reason:Timeout
                                                                                                                        Sample name:freekernelpstviewer.exe
                                                                                                                        Detection:CLEAN
                                                                                                                        Classification:clean7.winEXE@45/199@11/9
                                                                                                                        EGA Information:
                                                                                                                        • Successful, ratio: 100%
                                                                                                                        HCA Information:Failed
                                                                                                                        Cookbook Comments:
                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                        • VT rate limit hit for: freekernelpstviewer.exe
Time | Type | Description
11:26:49 | API Interceptor | 1x Sleep call for process: Kernel Outlook PST Viewer.exe modified
                                                                                                                                                                • 150.171.27.10
                                                                                                                                                                file.exeGet hashmaliciousMofksysBrowse
                                                                                                                                                                • 150.171.28.10
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\Kernel Outlook PST Viewer\is-I80GQ.tmp | psmb.msi | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):45826952
                                                                                                                                                                  Entropy (8bit):4.443722663615569
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:786432:95EsDTVWmnN/qC903rwq7J+Z+p3I1vFh3dmnt:9X8FARmnt
                                                                                                                                                                  MD5:BC8F3E0E63BDABEE5917BBC545D16D31
                                                                                                                                                                  SHA1:D20252DF35ED4DA2F73329E7E0802DFC6FCDFA79
                                                                                                                                                                  SHA-256:20DC085C9DA2652FB17CEB5317A594828ACB0BE0EB909E0B083872C1FF40CC6F
                                                                                                                                                                  SHA-512:A7E5DE7879A4D2C83FA89C365F5DF03E3F7CA30367FD7311D36E1D4E441A9AA12B3C4DC269CEABE69029A2F4B8B9E47C6E310F476ABC6715E7FBEDDF9A2CECEA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 92 x 92
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4872
                                                                                                                                                                  Entropy (8bit):7.660622815127442
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:DWU+uyGm/ggCxjwzvjdgvTirWp2RPf+9LlIeywLnBBj1HtZhRLX8JaA:D7yGOMgvjQGrx89LlIenLnj1jh588A
                                                                                                                                                                  MD5:603B90343F6DA348A2FF818D1BE0F9E1
                                                                                                                                                                  SHA1:A20834093C130692B02B08E1563EC2708FD1F4B8
                                                                                                                                                                  SHA-256:F648D23EFC04DDAB9FAE0918F930E71B11A75F751874CEA2F6AE2439E9C227A9
                                                                                                                                                                  SHA-512:CA63DF4A5ED03EC53DBABDD8DEC50671BDCEC0DC08806B766CF9582ED352FF1248F4296CCCD37441C574B19B8A5D82B6AC78A2ACDBF6C02CDE507A6D62D22B75
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:news or mail, ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2687
                                                                                                                                                                  Entropy (8bit):5.7304891582655815
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:PpWKKqwluMg9zIU0ajtFcqbYKgxLOY7KJFpX/Oj8PPPbvczD09Y7Kb10cq5710c0:PWVuMgR0AYcYLFSpX/Jm0CW5i556Ms8I
                                                                                                                                                                  MD5:7243CAF4B7B075B338A11089E0F3840A
                                                                                                                                                                  SHA1:8E43754A18BCBA3C0E1DA0C4DF9FCF51D54EC485
                                                                                                                                                                  SHA-256:9B69F15F423A9B4ADA8F18E669723839C917BD17BABD53C66F234053DE6B1BB9
                                                                                                                                                                  SHA-512:CB7B36234192BACA6F480BFFB79B8F0B784E07C251C9B0DC0AF12AB3B86A2F1F6CD072500B2AF86B8E20ED0496749EB22489B11A6585AB732552C090CFDB12BB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:From: "Saved by Windows Internet Explorer 8"..Subject: Kernel for OST to PST..Date: Thu, 5 Aug 2010 09:16:45 +0530..MIME-Version: 1.0..Content-Type: multipart/related;...type="text/html";...boundary="----=_NextPart_000_0000_01CB347E.ECDB4DB0"..X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7600.16543....This is a multi-part message in MIME format.....------=_NextPart_000_0000_01CB347E.ECDB4DB0..Content-Type: text/html;...charset="iso-8859-1"..Content-Transfer-Encoding: quoted-printable..Content-Location: file://C:\Users\sandeep verma\Desktop\Kernel-for-Outlook\Welcome Screen\index.html....<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" =.."http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">..<HTML xmlns=3D"http://www.w3.org/1999/xhtml"><HEAD><TITLE>Kernel for =..OST to PST</TITLE>..<META content=3D"text/html; charset=3Diso-8859-1" =..http-equiv=3DContent-Type><LINK=20..rel=3Dstylesheet type=3Dtext/css=20..href=3D"file:///C:/Users/sandeep%20verma/Desktop/Kernel-for
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 7 x 6
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                  Entropy (8bit):4.08690852559787
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:CFqBoRa1hESxlunpci9oHw:UNkhESjoSeZ
                                                                                                                                                                  MD5:3C416F18AB51DA444FFAD7A20FA05ABB
                                                                                                                                                                  SHA1:88DD59CF780E9D7D4E9EAB8435D6BFFE4F9A0BDA
                                                                                                                                                                  SHA-256:FA4597700E6F25CFC6C626B91CDB8B9554707CEC9571D0BB8DA004CE83977B49
                                                                                                                                                                  SHA-512:E6A2484C0C222A53610BBCC3A8F075473EE98E4DCA2E0F1FD91DF2AC91B6BBB4EE5E1655181700AE7CC43F41781BD6BCFDBFB75CFF773B443B938D3FAC377A83
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 48 x 48
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2315
                                                                                                                                                                  Entropy (8bit):7.778862150731305
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:JRruYNN9RV4/i2IGaqsQRZAKVSuvQp7e8BHqEb6HepH2KMu5nZ:jjWi7qlZBue8BHqQpWaZ
                                                                                                                                                                  MD5:0A7C751DB951AC43C1197B759C6A27F4
                                                                                                                                                                  SHA1:948AFD7E182F4CA883A919C3BB69DD09B22FCF46
                                                                                                                                                                  SHA-256:ED2B92FCCA4AD340D13EAA6535EFCEEFD1736CE8A461B684B6D0ABAFEBA1AA85
                                                                                                                                                                  SHA-512:E5029EF0815DD4AEC53BC3171805EE77EE93D763D1F2190B24C605B216B37F70D4D482B8F31FBE8FD2A922FC8979A819A1104E07930A60499873E5BAFD361ADF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):540
                                                                                                                                                                  Entropy (8bit):5.352483524590014
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:hnMEwuiuX4w4vy4Wh96QclfVIhKuRIL8ApOCJKL67MvwlJRmvPGu:hMNmMvy4WvsqhKuiwAprKLQCwlJRe5
                                                                                                                                                                  MD5:6396663350F4B50869DD60B4132B2D0C
                                                                                                                                                                  SHA1:8617AB21BC3D4CF648F673FD42AE3C9D9422EE6B
                                                                                                                                                                  SHA-256:842D643C5B66E47F5925E5CDC1F1F8E91FC5425CF48CAF4D8E39F53CCDCD09A9
                                                                                                                                                                  SHA-512:6B3A62FDAF585D8B46332D84CBD0231EFA76BC0E4122777F10158D5A51EB1AE0E9ECF23E78D34E87AD2862D5E4B71D2DF65F864B6AB8A425DFCEB2F413AB6348
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />..<title>Kernel for Outlook PST Repair</title>..</head>..<body>..<div align="center" style=" margin:0 auto; font-family:Tahoma; font-size:12px; font-weight:bold; color:#000000; padding:50px 0;">Scanning process completed, please select item from tree to preview...</div>..</body>..</html>..
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2017
                                                                                                                                                                  Entropy (8bit):7.116258899514003
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:3e9gxraG1t1pMA77yxmQtljtblx1h37KsYB1uOUsK:3eWj9yZfv3yFK
                                                                                                                                                                  MD5:3D218E7512460BEA998BC70AC2EF6F14
                                                                                                                                                                  SHA1:557A68B85D336D2678D8EB08A06720B0B6062570
                                                                                                                                                                  SHA-256:2E4DBFA0914074B33EE8859D343857964F7212252E9215F2BF1826DBA8D22D89
                                                                                                                                                                  SHA-512:6F544F9A4D95A5CA4514E18ED28A42F24BB79B1D169820C8DC82265EE3DD407D3CD677BD15414906FD4FF5B3B6E5910A277439FD8EA79D3C1C2CE82BE8B6A2D4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 92 x 92
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4872
                                                                                                                                                                  Entropy (8bit):7.660622815127442
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:DWU+uyGm/ggCxjwzvjdgvTirWp2RPf+9LlIeywLnBBj1HtZhRLX8JaA:D7yGOMgvjQGrx89LlIenLnj1jh588A
                                                                                                                                                                  MD5:603B90343F6DA348A2FF818D1BE0F9E1
                                                                                                                                                                  SHA1:A20834093C130692B02B08E1563EC2708FD1F4B8
                                                                                                                                                                  SHA-256:F648D23EFC04DDAB9FAE0918F930E71B11A75F751874CEA2F6AE2439E9C227A9
                                                                                                                                                                  SHA-512:CA63DF4A5ED03EC53DBABDD8DEC50671BDCEC0DC08806B766CF9582ED352FF1248F4296CCCD37441C574B19B8A5D82B6AC78A2ACDBF6C02CDE507A6D62D22B75
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):540
                                                                                                                                                                  Entropy (8bit):5.352483524590014
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:hnMEwuiuX4w4vy4Wh96QclfVIhKuRIL8ApOCJKL67MvwlJRmvPGu:hMNmMvy4WvsqhKuiwAprKLQCwlJRe5
                                                                                                                                                                  MD5:6396663350F4B50869DD60B4132B2D0C
                                                                                                                                                                  SHA1:8617AB21BC3D4CF648F673FD42AE3C9D9422EE6B
                                                                                                                                                                  SHA-256:842D643C5B66E47F5925E5CDC1F1F8E91FC5425CF48CAF4D8E39F53CCDCD09A9
                                                                                                                                                                  SHA-512:6B3A62FDAF585D8B46332D84CBD0231EFA76BC0E4122777F10158D5A51EB1AE0E9ECF23E78D34E87AD2862D5E4B71D2DF65F864B6AB8A425DFCEB2F413AB6348
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />..<title>Kernel for Outlook PST Repair</title>..</head>..<body>..<div align="center" style=" margin:0 auto; font-family:Tahoma; font-size:12px; font-weight:bold; color:#000000; padding:50px 0;">Scanning process completed, please select item from tree to preview...</div>..</body>..</html>..
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 7 x 6
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                  Entropy (8bit):4.08690852559787
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:CFqBoRa1hESxlunpci9oHw:UNkhESjoSeZ
                                                                                                                                                                  MD5:3C416F18AB51DA444FFAD7A20FA05ABB
                                                                                                                                                                  SHA1:88DD59CF780E9D7D4E9EAB8435D6BFFE4F9A0BDA
                                                                                                                                                                  SHA-256:FA4597700E6F25CFC6C626B91CDB8B9554707CEC9571D0BB8DA004CE83977B49
                                                                                                                                                                  SHA-512:E6A2484C0C222A53610BBCC3A8F075473EE98E4DCA2E0F1FD91DF2AC91B6BBB4EE5E1655181700AE7CC43F41781BD6BCFDBFB75CFF773B443B938D3FAC377A83
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 48 x 48
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2315
                                                                                                                                                                  Entropy (8bit):7.778862150731305
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:JRruYNN9RV4/i2IGaqsQRZAKVSuvQp7e8BHqEb6HepH2KMu5nZ:jjWi7qlZBue8BHqQpWaZ
                                                                                                                                                                  MD5:0A7C751DB951AC43C1197B759C6A27F4
                                                                                                                                                                  SHA1:948AFD7E182F4CA883A919C3BB69DD09B22FCF46
                                                                                                                                                                  SHA-256:ED2B92FCCA4AD340D13EAA6535EFCEEFD1736CE8A461B684B6D0ABAFEBA1AA85
                                                                                                                                                                  SHA-512:E5029EF0815DD4AEC53BC3171805EE77EE93D763D1F2190B24C605B216B37F70D4D482B8F31FBE8FD2A922FC8979A819A1104E07930A60499873E5BAFD361ADF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):55808
                                                                                                                                                                  Entropy (8bit):6.674751102258532
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:T2zJ1f1Q4HroGEXRKQ6CthnToIfnIOrIOnXK:qPlHrARKQ6YTBfJdnXK
                                                                                                                                                                  MD5:3ECFE1BAEAB591769664567C4E653E6F
                                                                                                                                                                  SHA1:1523AE71CA322671022B297E19C8ACABE9F2105D
                                                                                                                                                                  SHA-256:8AAF9E851021D1AFAB9E2B93C9E796D37DD31C114A76476E6C00BD8931EE9446
                                                                                                                                                                  SHA-512:F52E5156B7A179F523A6B7E43B88E73271DAC18F5F21DFAD8CADDFA199471E41D25772C2D7B6AB4E34234D338E7FD72EBE8AD70946FC6126F1A81C9D085832E6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                  • Filename: psmb.msi, Detection: malicious, Browse
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):747685
                                                                                                                                                                  Entropy (8bit):6.522076332906403
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:ZsMLIMoi3rPR37dzHRA6nX0D9OKWbO7SERb5rNUK1bce0oyx9xS:6McMoi3rPR37dzHRA6G7WbuSEmK50oy0
                                                                                                                                                                  MD5:2CA5B3044A7D5FCB3DE1B3AA9B37DCBB
                                                                                                                                                                  SHA1:2754ABFEC7E934FDA6A71BC16CA3C67269B627E0
                                                                                                                                                                  SHA-256:39185D5BA2D3D7A272E2AB01DEABB8DCAE06665F613401DFD3B4028D0E8E6E6D
                                                                                                                                                                  SHA-512:0F8AAD61AD7F1D1689657DAD83AED90B43309CEED68A72DE8106801525E8FDAB74F17BC8B2D23B8F172C0E66C9D0AAD917D129891873215C22ED1BB0B701ABBA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:ISO-8859 text, with very long lines (820), with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4018
                                                                                                                                                                  Entropy (8bit):4.484394135748789
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:dDrmeid9I3IcpnsM1dscpeqv/WY2Q/HQPapfkqgyBVRqY8k1OHHchoUYKShSLx9h:BmJINHXpBGbQ4OXyYjvhH950v1IBL
                                                                                                                                                                  MD5:38370CD9A614F3683E28F8579F07EFBC
                                                                                                                                                                  SHA1:CE036E5A005959C17F1922672CC446243282DFA1
                                                                                                                                                                  SHA-256:EE1D3CD970931C4993D3BED16FBD86325E226CB7F0FB637E13FEC19AEEEA24EB
                                                                                                                                                                  SHA-512:9BC84CCEC7C2FC55123BE91EE57EB01D6D48F412FA84066038279FCCC91BA0817516F2BA63BEABEDA6E342A810910283811E386AA81E6D7A04BED08210737569
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:Kernel Outlook PST Viewer License Agreement....Kernel Outlook PST Viewer Copyright . by KernelApps Pvt.Ltd. ..All rights reserved. ....Your Agreement to this License ....You should carefully read the following terms and conditions before using, installing or distributing this software, unless you have a different license agreement signed by KernelApps Pvt.Ltd. ....If you do not agree to all of the terms and conditions of this License, then: do not copy, install, distribute or use any copy of Kernel Outlook PST Viewer with which this License is included. ....The terms and conditions of this License describe the permitted use and users of each Licensed Copy of Kernel Outlook PST Viewer. For purposes of this License, if you have a valid single-copy license, you have the right to use a single Licensed Copy of Kernel Outlook PST Viewer; if you or your organization has a valid multi-user license, then you or your organization have - has the right to use up to a number of Licensed Copies of
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):45826952
                                                                                                                                                                  Entropy (8bit):4.443722663615569
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:786432:95EsDTVWmnN/qC903rwq7J+Z+p3I1vFh3dmnt:9X8FARmnt
                                                                                                                                                                  MD5:BC8F3E0E63BDABEE5917BBC545D16D31
                                                                                                                                                                  SHA1:D20252DF35ED4DA2F73329E7E0802DFC6FCDFA79
                                                                                                                                                                  SHA-256:20DC085C9DA2652FB17CEB5317A594828ACB0BE0EB909E0B083872C1FF40CC6F
                                                                                                                                                                  SHA-512:A7E5DE7879A4D2C83FA89C365F5DF03E3F7CA30367FD7311D36E1D4E441A9AA12B3C4DC269CEABE69029A2F4B8B9E47C6E310F476ABC6715E7FBEDDF9A2CECEA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:news or mail, ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2687
                                                                                                                                                                  Entropy (8bit):5.7304891582655815
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:PpWKKqwluMg9zIU0ajtFcqbYKgxLOY7KJFpX/Oj8PPPbvczD09Y7Kb10cq5710c0:PWVuMgR0AYcYLFSpX/Jm0CW5i556Ms8I
                                                                                                                                                                  MD5:7243CAF4B7B075B338A11089E0F3840A
                                                                                                                                                                  SHA1:8E43754A18BCBA3C0E1DA0C4DF9FCF51D54EC485
                                                                                                                                                                  SHA-256:9B69F15F423A9B4ADA8F18E669723839C917BD17BABD53C66F234053DE6B1BB9
                                                                                                                                                                  SHA-512:CB7B36234192BACA6F480BFFB79B8F0B784E07C251C9B0DC0AF12AB3B86A2F1F6CD072500B2AF86B8E20ED0496749EB22489B11A6585AB732552C090CFDB12BB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:From: "Saved by Windows Internet Explorer 8"..Subject: Kernel for OST to PST..Date: Thu, 5 Aug 2010 09:16:45 +0530..MIME-Version: 1.0..Content-Type: multipart/related;...type="text/html";...boundary="----=_NextPart_000_0000_01CB347E.ECDB4DB0"..X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7600.16543....This is a multi-part message in MIME format.....------=_NextPart_000_0000_01CB347E.ECDB4DB0..Content-Type: text/html;...charset="iso-8859-1"..Content-Transfer-Encoding: quoted-printable..Content-Location: file://C:\Users\sandeep verma\Desktop\Kernel-for-Outlook\Welcome Screen\index.html....<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" =.."http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">..<HTML xmlns=3D"http://www.w3.org/1999/xhtml"><HEAD><TITLE>Kernel for =..OST to PST</TITLE>..<META content=3D"text/html; charset=3Diso-8859-1" =..http-equiv=3DContent-Type><LINK=20..rel=3Dstylesheet type=3Dtext/css=20..href=3D"file:///C:/Users/sandeep%20verma/Desktop/Kernel-for
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:ISO-8859 text, with very long lines (820), with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4018
                                                                                                                                                                  Entropy (8bit):4.484394135748789
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:dDrmeid9I3IcpnsM1dscpeqv/WY2Q/HQPapfkqgyBVRqY8k1OHHchoUYKShSLx9h:BmJINHXpBGbQ4OXyYjvhH950v1IBL
                                                                                                                                                                  MD5:38370CD9A614F3683E28F8579F07EFBC
                                                                                                                                                                  SHA1:CE036E5A005959C17F1922672CC446243282DFA1
                                                                                                                                                                  SHA-256:EE1D3CD970931C4993D3BED16FBD86325E226CB7F0FB637E13FEC19AEEEA24EB
                                                                                                                                                                  SHA-512:9BC84CCEC7C2FC55123BE91EE57EB01D6D48F412FA84066038279FCCC91BA0817516F2BA63BEABEDA6E342A810910283811E386AA81E6D7A04BED08210737569
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:InnoSetup Log Kernel Outlook PST Viewer, version 0x30, 6428 bytes, 888683\user, "C:\Program Files (x86)\Kernel Outlook PST Viewer"
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6428
                                                                                                                                                                  Entropy (8bit):4.92347426517487
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:CqtRNHf/5TEf2ZPTweghPkHdkW8Rf1F4cVSQs0LnpctOzRa6abtQXRBiL3JtFCtn:3zH35Td9cVSQ1nr+Q
                                                                                                                                                                  MD5:99CB1B4C6E4E77F5D4E30AD7392265B8
                                                                                                                                                                  SHA1:336B6ED387EB063E8565ED58C8A1DAFB2FAEAF93
                                                                                                                                                                  SHA-256:460502711D8D4B218DC9F8B6C666E224CFEA65710A5680EC5A1AF0207A66B71F
                                                                                                                                                                  SHA-512:E7523F187B7D8076D4AA38872B73C034E11EBA1D8440D9231156ADB25FEBED4BCDA1B576DAC90381975193BC9A89B2B74D721B20C0B3DD401C5BADA3DB95A5CD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:Inno Setup Uninstall Log (b)....................................Kernel Outlook PST Viewer.......................................................................................................Kernel Outlook PST Viewer.......................................................................................................0...........%...............................................................................................................$...........E>........P....888683.user0C:\Program Files (x86)\Kernel Outlook PST Viewer.............(.... ..........M.IFPS.............................................................................................................BOOLEAN.............................................................b...........!MAIN....-1..%...dll:Kernel32.dll.GetBinaryType........c...........ISOS64....16..IS64BITINSTALLMODE.......ISWIN64..................ISOUTLOOKVERSION64....16..REGQUERYSTRINGVALUE......................ISOSSERVER2000....16..GETWINDOWSVERSIONEX.....
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):747685
                                                                                                                                                                  Entropy (8bit):6.522076332906403
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:ZsMLIMoi3rPR37dzHRA6nX0D9OKWbO7SERb5rNUK1bce0oyx9xS:6McMoi3rPR37dzHRA6G7WbuSEmK50oy0
                                                                                                                                                                  MD5:2CA5B3044A7D5FCB3DE1B3AA9B37DCBB
                                                                                                                                                                  SHA1:2754ABFEC7E934FDA6A71BC16CA3C67269B627E0
                                                                                                                                                                  SHA-256:39185D5BA2D3D7A272E2AB01DEABB8DCAE06665F613401DFD3B4028D0E8E6E6D
                                                                                                                                                                  SHA-512:0F8AAD61AD7F1D1689657DAD83AED90B43309CEED68A72DE8106801525E8FDAB74F17BC8B2D23B8F172C0E66C9D0AAD917D129891873215C22ED1BB0B701ABBA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2017
                                                                                                                                                                  Entropy (8bit):7.116258899514003
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:3e9gxraG1t1pMA77yxmQtljtblx1h37KsYB1uOUsK:3eWj9yZfv3yFK
                                                                                                                                                                  MD5:3D218E7512460BEA998BC70AC2EF6F14
                                                                                                                                                                  SHA1:557A68B85D336D2678D8EB08A06720B0B6062570
                                                                                                                                                                  SHA-256:2E4DBFA0914074B33EE8859D343857964F7212252E9215F2BF1826DBA8D22D89
                                                                                                                                                                  SHA-512:6F544F9A4D95A5CA4514E18ED28A42F24BB79B1D169820C8DC82265EE3DD407D3CD677BD15414906FD4FF5B3B6E5910A277439FD8EA79D3C1C2CE82BE8B6A2D4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):55808
                                                                                                                                                                  Entropy (8bit):6.674751102258532
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:T2zJ1f1Q4HroGEXRKQ6CthnToIfnIOrIOnXK:qPlHrARKQ6YTBfJdnXK
                                                                                                                                                                  MD5:3ECFE1BAEAB591769664567C4E653E6F
                                                                                                                                                                  SHA1:1523AE71CA322671022B297E19C8ACABE9F2105D
                                                                                                                                                                  SHA-256:8AAF9E851021D1AFAB9E2B93C9E796D37DD31C114A76476E6C00BD8931EE9446
                                                                                                                                                                  SHA-512:F52E5156B7A179F523A6B7E43B88E73271DAC18F5F21DFAD8CADDFA199471E41D25772C2D7B6AB4E34234D338E7FD72EBE8AD70946FC6126F1A81C9D085832E6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 1 14:26:40 2024, mtime=Tue Oct 1 14:26:41 2024, atime=Thu Apr 9 22:08:40 2020, length=45826952, window=hide
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1302
                                                                                                                                                                  Entropy (8bit):4.612131833069017
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:8mjHcy/2EmdOEhYNRT9nMpT9kUA0PFWmdLT9ULT9pdLT9qUUf3qyFm:8moy/pmdO7RTOT6j0PFWmdLTqLT7dLTC
                                                                                                                                                                  MD5:FDCD2279BBC6368D32E8AC23F2A0099B
                                                                                                                                                                  SHA1:1EEB1C548D1D1176B22D78B68CAD5C58146A99FD
                                                                                                                                                                  SHA-256:7B2AA57192470241511D978D1474F67A438E3D6AA4DEB40E8D2EF6E1948160C6
                                                                                                                                                                  SHA-512:AE6B38CB0C0304D18618036558A4A715AA113E21BD16E37D825CCAB4738612273784F90C75BB3535A338FC49FF05248BEE35080A611425109F9BC1091879448A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:L..................F.... ...?..P.....9.P.....L.......C...........................P.O. .:i.....+00.../C:\.....................1.....AYA{..PROGRA~2.........O.IAYA{....................V......-.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....|.1.....AYV{..KERNEL~1..d......AYU{AYV{....>........................K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.......2..C...P.. .KERNEL~1.EXE..l......AYU{AYU{.............................K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r...e.x.e.......}...............-.......|...........~E.......C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe..].....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.........*................@Z|...K.J.........`.......
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 1 14:26:40 2024, mtime=Tue Oct 1 14:26:40 2024, atime=Tue Oct 1 14:26:11 2024, length=747685, window=hide
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1217
                                                                                                                                                                  Entropy (8bit):4.642024152121031
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:8mG12/EVkdOEhYNRT9MLmRYAywPFQdLT9Y9dLT9qUUftKoqyFm:8mG12cWdO7RT1/1PFQdLTq9dLTh+KxyF
                                                                                                                                                                  MD5:23BF8EAAA4A1B7D2A3D86E4390D82BD7
                                                                                                                                                                  SHA1:87480388752F635FA04149F32C1D72F1D66574AA
                                                                                                                                                                  SHA-256:0457406B7A3E9DB3781C8B72CC9B57E857B564A16B2E5F0414237478BBB56D10
                                                                                                                                                                  SHA-512:DDDE516DC26F2D29F2671795CA62D6165DFB7B1C40FF5C85ACD4903497B48AAED242707243EBE7855A59A2B29ED3DC6E2C4CCAB35547C852E1B56F51FFFD276D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:L..................F.... ....@.O....'..O.......>.....h...........................P.O. .:i.....+00.../C:\.....................1.....AYU{..PROGRA~2.........O.IAYV{....................V......-.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....|.1.....AYV{..KERNEL~1..d......AYU{AYV{....>........................K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.....f.2..h..AYF{ .unins000.exe..J......AYU{AYU{...........................dF.u.n.i.n.s.0.0.0...e.x.e.......l...............-.......k...........~E.......C:\Program Files (x86)\Kernel Outlook PST Viewer\unins000.exe..L.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.\.u.n.i.n.s.0.0.0...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.........*................@Z|...K.J.........`.......X.......888683...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,...
                                                                                                                                                                  Process:C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):769
                                                                                                                                                                  Entropy (8bit):5.2434811136862525
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:S1huchqF5vT1huch9h/XZMFhuchiVPs121hunhQPb2b:S10cW5710c7MF0cYs410nGu
                                                                                                                                                                  MD5:6E74D8F6D640935B95056762600AAED3
                                                                                                                                                                  SHA1:5C2D57A70E13D3D21BB2C7EC08AC14359F2FB208
                                                                                                                                                                  SHA-256:17868038E39E07421B7FE191ACE2049B9A9893C370FFFBB533915A9446C1A296
                                                                                                                                                                  SHA-512:6BF6C18A0DE59B3EC918B69598C83C9961700109B50FB5066586CBCA1123BEEC9A20E88EBFCE595C675BEF5227094C42E82F3F37A71376310D02EF67DCDD1141
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:BODY {...PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: Tahoma; PADDING-TOP: 0px..}...container {...MARGIN: 0px auto; WIDTH: 90%..}..H1 {...PADDING-BOTTOM: 10px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: #3B90BE; FONT-SIZE: 19px; FONT-WEIGHT: bold; PADDING-TOP: 10px..}...content {...COLOR: #3B90BE; FONT-SIZE: 12px..}...content UL {...PADDING-BOTTOM: 5px; LIST-STYLE-TYPE: none; MARGIN: 0px 0px 0px 30px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: none; PADDING-TOP: 5px..}...content UL LI {...PADDING-BOTTOM: 0px; LINE-HEIGHT: 24px; MARGIN: 0px; PADDING-LEFT: 12px; PADDING-RIGHT: 0px; BACKGROUND: url(../img/arrow.gif) no-repeat 0% 50%; FONT-SIZE: 12px; FONT-WEIGHT: normal; PADDING-TOP: 0px..}..
                                                                                                                                                                  Process:C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):958
                                                                                                                                                                  Entropy (8bit):5.43493551941288
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:W7cOFcvy4bYKnqi1RvAWv6E0HAYdAkKJVXm8OVcQ3w53/qWysFdbvQtX:mFcqeYKnqe3Y7KJVXlOj8PPPbv4
                                                                                                                                                                  MD5:ECAAF4109A7616C347D1C9C1628E59EF
                                                                                                                                                                  SHA1:A515B5933D9E6EF1CC512F83141C86C721A7ECAA
                                                                                                                                                                  SHA-256:A40F5A3036082BB882521ADCBCBF581EE95FF9D174280E92C47623C352048E8A
                                                                                                                                                                  SHA-512:078D223202CC4142F1F33DED30F234381E741A4006723DA59095770F099C5FCB75DBE8F43597C200D1E6DBF596D5D571EB155E05203EA24B7AF3D2965C5E056E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">..<HTML xmlns="http://www.w3.org/1999/xhtml"><HEAD><TITLE>Kernel for OST to PST</TITLE>..<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type><LINK ..rel=stylesheet type=text/css ..href="file:///C:/Users/sandeep%20verma/Desktop/Kernel-for-Outlook/Welcome%20Screen/css/stylesheet.css">..<META name=GENERATOR content="MSHTML 8.00.7600.16588"></HEAD>..<BODY>..<DIV class=container>..<DIV class=content>..<H1>Process to view PST Files</H1>..<UL>.. <LI>Select PST file from menu or by clicking on Select file button on toolbar and click Next button. </LI>..<LI>Software will scan selected PST file and show the folders in left tree</LI>....<LI>Click on any folder in the left tree to view its mails and other items.</LI>....<LI>Click on any mail to view its content.</LI>....<LI></LI>.. </UL></DIV></DIV></BODY></HTML>..
                                                                                                                                                                  Process:C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):920
                                                                                                                                                                  Entropy (8bit):2.6302826136469486
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:w4WnDE/jNuZqRh30rM30qoG30VEv+rK30D1H8306EOsNDB30pXEvk/u130/EwY3i:wRyjNuARIg+11YKDk/JEwEZcJ
                                                                                                                                                                  MD5:F2B5434D52D96CAC4C34F42498F38A7A
                                                                                                                                                                  SHA1:820CC2C32E760F32E139AAB76748F9BEA37D9D91
                                                                                                                                                                  SHA-256:E21D3404AF91BB7C5F4C43161B4787B54922B550AB31219B90ACBD1E0AA91611
                                                                                                                                                                  SHA-512:C44AB394203C72AEBDC9FA6F6BDE4C4FB235BCE71666CD6F67825976D14410E365ECBD9184AFF539D8FFF5F051B69703D4973A6DF223727ABA0B6BF40099A379
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:. ..............CBCGPToolbarMenuButton................&.F.i.l.e....................................._...............&.S.e.l.e.c.t. .F.i.l.e.........C.t.r.l.+.R.....................................\...............&.S.a.v.e...C.t.r.l.+.S.....................................A...............E.&.x.i.t.....................................................&.V.i.e.w.....................................................&.S.t.a.t.u.s. .B.a.r.....................................................T.a.s.k. .B.a.r.....................................................F.i.n.d.....................................o...............&.F.i.n.d. .M.e.s.s.a.g.e.....................................................&.H.e.l.p.....................................@...............A.b.o.u.t.....................................a...............S.o.f.t.w.a.r.e. .&.H.e.l.p...C.t.r.l.+.H...........................................M.e.n.u. .B.a.r.....
                                                                                                                                                                  Process:C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):920
                                                                                                                                                                  Entropy (8bit):2.5777993331526945
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:w4WnDE/jIQuZqRO0W3f0qoG30VEv+rK30D1H8306E1NsNDu0pXEvk/u130vNEwri:wRyjIQuAR0t+11FKqk/rEwLZcJ
                                                                                                                                                                  MD5:E889E853CBDD246C16307EC32A044AB6
                                                                                                                                                                  SHA1:98BC77F842A4C31E079D51B5C53EF825053E6CDA
                                                                                                                                                                  SHA-256:497E5F95FC32B1685BB225AB1CC69174EC47BD830F115119DC4610A2B488ECE9
                                                                                                                                                                  SHA-512:308AD86BF3FB96A1C53F34834E4D3B1B22548D428B75CB81B95B1FFD0197E5707D590C7369C0BC735B7FCAF2655B3CD11688D831173E4D8608AE79A7885713D3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:. ..............CBCGPToolbarMenuButton................&.F.i.l.e....................................._...............&.S.e.l.e.c.t. .F.i.l.e.........C.t.r.l.+.R.....................................\...............&.S.a.v.e...C.t.r.l.+.S.....................................A...............E.&.x.i.t.....................................................&.V.i.e.w.....................................................&.S.t.a.t.u.s. .B.a.r.....................................................T.a.s.k. .B.a.r.....................................................F.i.n.d.....................................o...............&.F.i.n.d. .M.e.s.s.a.g.e.....................................................&.H.e.l.p.....................................@...............A.b.o.u.t.....................................a...............S.o.f.t.w.a.r.e. .&.H.e.l.p...C.t.r.l.+.H...........................................M.e.n.u. .B.a.r.....
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6144
                                                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Users\user\Desktop\freekernelpstviewer.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):736256
                                                                                                                                                                  Entropy (8bit):6.513555283208715
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:RsMLIMoi3rPR37dzHRA6nX0D9OKWbO7SERb5rNUK1bce0oyx9xi:yMcMoi3rPR37dzHRA6G7WbuSEmK50oyM
                                                                                                                                                                  MD5:94A04BEE414E9B518666B1303AAA6AE2
                                                                                                                                                                  SHA1:E499FCE3E7DAE23C6AD47BC336FC2B5E307D17BB
                                                                                                                                                                  SHA-256:AD46BD7DE5DEC1B864C4BA2FD064A5323BFEDD7C59CDBEC1FA56A8B1757E7CA3
                                                                                                                                                                  SHA-512:40699581D20FCE870CDF1485665A6CCEF488E16C8885E808AFC7FFE1DF6A78D5A4F0295DA65CF1642EA0DCBB944BD5E57AA0E3D562FE924A9BC64C17486A2D87
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                  Process:C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                  Entropy (8bit):0.3613836054883338
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                                                                  MD5:679672A5004E0AF50529F33DB5469699
                                                                                                                                                                  SHA1:427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0
                                                                                                                                                                  SHA-256:205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21
                                                                                                                                                                  SHA-512:F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 1 14:26:40 2024, mtime=Tue Oct 1 14:26:42 2024, atime=Thu Apr 9 22:08:40 2020, length=45826952, window=hide
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1308
                                                                                                                                                                  Entropy (8bit):4.616342057377702
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:8mjzd//EVkdOEhYNRT9nMpT9kUA0PFWXdLT9ULT9pdLT9qUUf3qyFm:8mPd/cWdO7RTOT6j0PFWXdLTqLT7dLTC
                                                                                                                                                                  MD5:0F30EA30CFFB1D607065279C0072520A
                                                                                                                                                                  SHA1:6A6ACE6C60957D26BA8B88B35011433FE8D2BDD5
                                                                                                                                                                  SHA-256:AAF0DD05A713E7066436F5C83737EEE221503576111CA4B7AF35DF4138B816B9
                                                                                                                                                                  SHA-512:6A6890001CEFF48D74787B6C2B7F7000C2555819D02EC82FC8758B7CD4DCBBA1F0237B68B207AE6D9B7617F51168EDA9F79F24DBC11694FB561AB4AB56F30572
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:L..................F.... ...?..P...._..Q.....L.......C...........................P.O. .:i.....+00.../C:\.....................1.....AYU{..PROGRA~2.........O.IAYV{....................V......-.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....|.1.....AYV{..KERNEL~1..d......AYU{AYV{....>........................K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.......2..C...P.. .KERNEL~1.EXE..l......AYU{AYU{.............................K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r...e.x.e.......}...............-.......|...........~E.......C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe..`.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.........*................@Z|...K.J.........`.
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 1 14:26:40 2024, mtime=Tue Oct 1 14:26:42 2024, atime=Thu Apr 9 22:08:40 2020, length=45826952, window=hide
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1284
                                                                                                                                                                  Entropy (8bit):4.632427375758085
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:8mj5//EVkdOEhYNRT9nMpT9kUA0PFWjdLT9ULT9pdLT9qUUf3qyFm:8m1/cWdO7RTOT6j0PFWjdLTqLT7dLThg
                                                                                                                                                                  MD5:D06FA45C235C61E6371101A138EC5A5B
                                                                                                                                                                  SHA1:F1C4D77950AEBF5C602E0087DE6204BDE8C30BA4
                                                                                                                                                                  SHA-256:DD12139CC2CA60A9700F1C93286C048CCBCDA00AB2515BF0D5CD4B887DD55F62
                                                                                                                                                                  SHA-512:DA02A044B1E08DEF8B1EEA607DB47C360901FE5422A8B24B5B1BB75E5B3E1A141E0AD7989D152D05B7119F799E59466D3DD175611609172B62CCBCCA12515FBF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:L..................F.... ...?..P......Q.....L.......C...........................P.O. .:i.....+00.../C:\.....................1.....AYU{..PROGRA~2.........O.IAYV{....................V......-.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....|.1.....AYV{..KERNEL~1..d......AYU{AYV{....>........................K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.......2..C...P.. .KERNEL~1.EXE..l......AYU{AYU{.............................K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r...e.x.e.......}...............-.......|...........~E.......C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe..T.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.K.e.r.n.e.l. .O.u.t.l.o.o.k. .P.S.T. .V.i.e.w.e.r.........*................@Z|...K.J.........`.......X.......888683....
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):212240
                                                                                                                                                                  Entropy (8bit):6.1043020991071435
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:hTr80hTueZXFOTSqP0xqRBTdtmFdCJErRj6/uE:NhzZVOTSqcxqRBKFdF6/uE
                                                                                                                                                                  MD5:045A16822822426C305EA7280270A3D6
                                                                                                                                                                  SHA1:43075B6696BB2D2F298F263971D4D3E48AA4F561
                                                                                                                                                                  SHA-256:318CC48CBCFABA9592956E4298886823CC5F37626C770D6DADBCD224849680C5
                                                                                                                                                                  SHA-512:5A042FF0A05421FB01E0A95A8B62F3CE81F90330DAED78F09C7D5D2ABCB822A2FE99D00494C3DDD96226287FAE51367E264B48B2831A8C080916CE18C0A675FA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):212240
                                                                                                                                                                  Entropy (8bit):6.1043020991071435
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:hTr80hTueZXFOTSqP0xqRBTdtmFdCJErRj6/uE:NhzZVOTSqcxqRBKFdF6/uE
                                                                                                                                                                  MD5:045A16822822426C305EA7280270A3D6
                                                                                                                                                                  SHA1:43075B6696BB2D2F298F263971D4D3E48AA4F561
                                                                                                                                                                  SHA-256:318CC48CBCFABA9592956E4298886823CC5F37626C770D6DADBCD224849680C5
                                                                                                                                                                  SHA-512:5A042FF0A05421FB01E0A95A8B62F3CE81F90330DAED78F09C7D5D2ABCB822A2FE99D00494C3DDD96226287FAE51367E264B48B2831A8C080916CE18C0A675FA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1558
                                                                                                                                                                  Entropy (8bit):5.11458514637545
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
                                                                                                                                                                  MD5:EE002CB9E51BB8DFA89640A406A1090A
                                                                                                                                                                  SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
                                                                                                                                                                  SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
                                                                                                                                                                  SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1864
                                                                                                                                                                  Entropy (8bit):6.021127689065198
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
                                                                                                                                                                  MD5:68E6B5733E04AB7BF19699A84D8ABBC2
                                                                                                                                                                  SHA1:1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
                                                                                                                                                                  SHA-256:F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
                                                                                                                                                                  SHA-512:9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):66
                                                                                                                                                                  Entropy (8bit):3.9159446964030753
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
                                                                                                                                                                  MD5:CFB54589424206D0AE6437B5673F498D
                                                                                                                                                                  SHA1:D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
                                                                                                                                                                  SHA-256:285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
                                                                                                                                                                  SHA-512:70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):85
                                                                                                                                                                  Entropy (8bit):4.4533115571544695
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
                                                                                                                                                                  MD5:C3419069A1C30140B77045ABA38F12CF
                                                                                                                                                                  SHA1:11920F0C1E55CADC7D2893D1EEBB268B3459762A
                                                                                                                                                                  SHA-256:DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
                                                                                                                                                                  SHA-512:C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9748
                                                                                                                                                                  Entropy (8bit):4.629326694042306
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
                                                                                                                                                                  MD5:EEA4913A6625BEB838B3E4E79999B627
                                                                                                                                                                  SHA1:1B4966850F1B117041407413B70BFA925FD83703
                                                                                                                                                                  SHA-256:20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
                                                                                                                                                                  SHA-512:31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):193
                                                                                                                                                                  Entropy (8bit):4.735614936279919
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:Ah7uyqMVHB9QrFNXNGAH7KHqLWt8o1Xr1GYBOSvn:A4yqOqF3mQixKSvn
                                                                                                                                                                  MD5:1771376DC07DA48B3F03339D86D57B7B
                                                                                                                                                                  SHA1:A5861EBFFF23A92CCD1CE6B8A517B6F877D50A63
                                                                                                                                                                  SHA-256:6E148DF31D721A0FF08563F2D676751786E01418C86EE54EE8F0E88AA46AE26A
                                                                                                                                                                  SHA-512:6038EFED0774FD61C7BF6558D3EA24CCEBFADA1041FA2C1606263A19F8700043A18F6E368ED550FC61F644EB7B81F8CAC01498F30CC56A103295911B28E436B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/4.C_rgEAoe.chunk.js
                                                                                                                                                                  Preview:function t(t){if("keys"in Object&&"function"==typeof Object.keys)return Object.keys(t);const e=[];for(const n in t)Object.prototype.hasOwnProperty.call(t,n)&&e.push(n);return e}export{t as k};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):85563
                                                                                                                                                                  Entropy (8bit):5.229927593881849
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:uDCG0rTBcF/EDZeYiklEqgJUluiljTxAH4Qo97N:uWG0ysDMYikfcuAH47x
                                                                                                                                                                  MD5:2EE5206D609427C4E6856E492819A823
                                                                                                                                                                  SHA1:6553F33F849E7F8084DE9ADDCD9405B96EB1E904
                                                                                                                                                                  SHA-256:B0E8904DB7A2AD5B8A3AE50CE7A2312AED5841C4138ADDFEAE02FBA3D92F05BD
                                                                                                                                                                  SHA-512:BF5497837A66E9ED09C76F56D68A778C40EB39EC2514CD6ED43332BF366F3C065A76AC1E47ABB1011BB1D469BEF74F84124AAB584CD85F5FBFDA6AC24B585E29
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/tracking.js
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):32
                                                                                                                                                                  Entropy (8bit):4.538909765557392
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:HbiCnmzthPqS21:7iumBpqSQ
                                                                                                                                                                  MD5:C56669A57FEC68A46730A65370E59EE1
                                                                                                                                                                  SHA1:041503005688362213294A11CFFD5C08F15F5B89
                                                                                                                                                                  SHA-256:3889F4EC8DB0BDB082FE175EA7D54B407486FF5BDB6C63C01B239548D9C58716
                                                                                                                                                                  SHA-512:F0EB806E15BAA41E76AC6C2169319BA8387C94D1C4F77FFEE36B5E0DD3B5B4102680914CC08F62DF31965818235887153C53EEA3720171B5E41021CCFF5E3326
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkJDX8CmbGiChIFDUSUzi8SEAnjxxDJCCWjRRIFDT0fUzw=?alt=proto
                                                                                                                                                                  Preview:CgkKBw1ElM4vGgAKCQoHDT0fUzwaAA==
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):79635
                                                                                                                                                                  Entropy (8bit):5.289069159608093
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:Hi/oGaLzMxuvh4g088wTWsgpL75FjO8uErMUxB5GsXONmK7hoI:Z/iwTTgpp2kGs+P
                                                                                                                                                                  MD5:8DD57A980ADC5F6314264E941C278DEC
                                                                                                                                                                  SHA1:31996956AEC34AD9674DFBA2C16208117C7F45EA
                                                                                                                                                                  SHA-256:71B7267C914AD367640FA262A433C4B0BE52FDD38A553E58CD0F79AA6454C5FE
                                                                                                                                                                  SHA-512:9FDB4238685DF6F9A828538ACEDB138A92A642E6277D14EFF01CC38F3FB55F1112D81515BE24A8010F6E0CF55BF5BAC7C7D4C4F5DD6A5F2AE4CCE6015E381F8B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/jsnew/jquery-v3.6.3.js
                                                                                                                                                                  Preview:/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */ !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=Object.getPrototypeOf,i=n.slice,o=n.flat?function(e){return n.flat.call(e)}:function(e){return n.concat.apply([],e)},s=n.push,a=n.indexOf,u={},l=u.toString,c=u.hasOwnProperty,f=c.toString,p=f.call(Object),d={},h=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},g=function(e){return null!=e&&e===e.window},v=e.document,y={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||v).createElement("script");if(o.text=e,t)for(r in y)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):186
                                                                                                                                                                  Entropy (8bit):4.627556787210992
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:TMQzLM9ROtbzYYYLfItKNRfdffqxZkmGvDgmalA/KmHfeGFlIYYKQReqAdiOD:APohpQNRlXWnGbZalACmHfeIlYKQReZv
                                                                                                                                                                  MD5:0BD8B4301141E5CE52A9990509F7E5A7
                                                                                                                                                                  SHA1:A88EA83C26EBAE2A1B80D726BC62D2594CC20B89
                                                                                                                                                                  SHA-256:21EFE3A723D4C025B73D6ECD76EA7CABDDE8D829CA95551B9D87E9000B134207
                                                                                                                                                                  SHA-512:5AB8891782B7FD7A38719E7F673EB42D4E3BA1F88D10D7BD86DE67AF229EA7F8D7D028B258F99F1FF09D0B1F47EC875685FB32153A9DC026A19A6EB8EB02477D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/7.Bla8Tg3n.chunk.js
                                                                                                                                                                  Preview:function t(t,n){return function(n,e){if(0===n){var o=0,i=setTimeout((function(){e(1,o++),e(2)}),t instanceof Date?t-Date.now():t);e(0,(function(t){2===t&&clearTimeout(i)}))}}}export{t};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (23730)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):321843
                                                                                                                                                                  Entropy (8bit):5.556630991953997
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:c2x2Hn+yCJQyGjrvzjCIhl5Zch2+4jQpGU:c2xZxJQxl5EP
                                                                                                                                                                  MD5:8465872F31C5FD9F17F124C8D289DC39
                                                                                                                                                                  SHA1:397DB604F13BD0841D697C0F481C459161514AF7
                                                                                                                                                                  SHA-256:7AC551E4057C3421DC68F45FE06DAD80B9B3542C0CDECE5F4C1A0F251D7430D7
                                                                                                                                                                  SHA-512:D4CD9A72DC47B35BF547430633430DACA5A48B81CD3A2AE4CB8594FCC43522E79B5F0D3C16C23D05F5E2BCB5AB205503B51C72428A0676BAA4DB03CAF07FA137
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.googletagmanager.com/gtm.js?id=GTM-M4JS6TD
                                                                                                                                                                  Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"40",. . "macros":[{"function":"__e"},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__remm","vtp_setDefaultValue":true,"vtp_input":["macro",1],"vtp_fullMatch":false,"vtp_replaceAfterMatch":false,"vtp_defaultValue":"Other group","vtp_ignoreCase":true,"vtp_map":["list",["map","key","^\/$","value","Home"],["map","key","buy","value","Buy"],["map","key","\/blog\/","value","Blog"],["map","key","\/supportcenter\/","value","Support Center"],["map","key","\/how-to\/","value","How tos"],["map","key","\/outlook-errors\/","value","Outlook Errors"],["map","key","\/access-problems\/","value","Access Problems"],["map","key","\/kernel-store\/","value","Kernel Store"],["map","key","\/solutions\/","value","Solutions"],["map","key","\/products.html","value","Product"],["map","key","\/casestudy\/","value","Case Study"
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 8 x 5, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):1069
                                                                                                                                                                  Entropy (8bit):6.07241463176548
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:m1hTWwh82lYSKwRkKRwVLWT3zyJ3V1h7lhJGW2oZuX0I:s4vnLCXwoqJ3Hh2cut
                                                                                                                                                                  MD5:F4C4999A6D759768618EE345C1889501
                                                                                                                                                                  SHA1:30F1410A97847EE6B2131523679642270376FF59
                                                                                                                                                                  SHA-256:BE95EB090845E93DADB0B13F1EE083D2AAB010667535D9618B1CC955BC1F326B
                                                                                                                                                                  SHA-512:5D37D5C2798B311578085B199117ACB4D4C158BB0E8EB0BAFF328C6706900B629CE3FBD5DC6570B24F2DC0F46747EBF346658FCC7CEB2E5F950BB85408310F6E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/arw-menu.png
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):300
                                                                                                                                                                  Entropy (8bit):4.767327594033679
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:rsIOjD2xPnFJsklTiTcyElusuUhf7A4uz9OQznW1wn:r+jD2x9Js9cXAsuUhluz0vw
                                                                                                                                                                  MD5:640CAAB52100A1E9DFE618AAEB79838F
                                                                                                                                                                  SHA1:4654776A82E5405614A595D40CB33CA2B5BAE0B5
                                                                                                                                                                  SHA-256:FB8EB817D7251014C136B441BD4004FA6567908059013EDBB938925F23B67CEB
                                                                                                                                                                  SHA-512:17D605182BE517C5E797B2FD823B9AB7B6BD73D97BD2C3D11C5EB29D108CD350D789116528E351ABAEBDF3654CC65100B9E3353064BA38C9AB9008126C6A3061
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:const n=n=>{var e,l,o;const i=null==n?void 0:n.openaiIntegration;return Boolean((null==i?void 0:i.enabled)&&(null==i||null==(e=i.properties)?void 0:e.assistantId)&&!(null!=i&&null!=(l=i.properties)&&l.quotaExceeded)&&!(null!=i&&null!=(o=i.properties)&&o.hasInsufficientPermissions))};export{n as i};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):19
                                                                                                                                                                  Entropy (8bit):3.6818808028034042
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:uZuUeZn:u5eZn
                                                                                                                                                                  MD5:595E88012A6521AAE3E12CBEBE76EB9E
                                                                                                                                                                  SHA1:DA3968197E7BF67AA45A77515B52BA2710C5FC34
                                                                                                                                                                  SHA-256:B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793
                                                                                                                                                                  SHA-512:FD13C580D15CC5E8B87D97EAD633209930E00E85C113C776088E246B47F140EFE99BDF6AB02070677445DB65410F7E62EC23C71182F9F78E9D0E1B9F7FDA0DC3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:404 page not found.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (1749), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):1749
                                                                                                                                                                  Entropy (8bit):5.03988022865082
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:TG+GV1LNLJNM7thjH6hpAm0ATxzS7Rykq7o:TGZ15wmk0xzS7Rykq7o
                                                                                                                                                                  MD5:90F209555E8E1166E43DAC52E4328F47
                                                                                                                                                                  SHA1:8C68620E6CDA728D266107E8CB64D16C593EC76B
                                                                                                                                                                  SHA-256:A0A869DEE64A8A8CBBFFD58A85FAD1EA3A731347FAB32C51AE0EA9C1151A7A77
                                                                                                                                                                  SHA-512:2C89DC96A9464B2BB39269E5FF0256A4622E6BE09D1CEC9E6BE4E3C88604F6973A019BB9983C87F9BD03C50433E37AFE4E1A0264B0BF1E4AA90D7B6D6B4DE021
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://secure.livechatinc.com/customer/action/open_chat?license_id=8697156&group=0&embedded=1&widget_version=3&unique_groups=0&use_parent_storage=1
                                                                                                                                                                  Preview:<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><meta name="google" value="notranslate"><link rel="canonical" href="https://secure.livechatinc.com/"><link rel="preconnect" href="https://cdn.livechatinc.com"><link rel="preconnect" href="https://api.livechatinc.com"><title>Contact us via LiveChat!</title><meta name="description" content="Have any questions? Talk with us directly using LiveChat."><meta property="og:type" content="website"><meta property="og:title" content="Contact us via LiveChat!"><meta property="og:description" content="Have any questions? Talk with us directly using LiveChat."><meta property="og:image" content="https://cdn.livechatinc.com/direct-link/livechat-chat-with-us.png"><meta name="twitter:card" content="summary_large_image"><meta name="twitter:title" value="Contact us via LiveChat!"><meta name="twitter:description" value="Hav
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):782
                                                                                                                                                                  Entropy (8bit):5.1803076570995215
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:pCjkn6DxQ5fjKv6rrNKqNVhzd9ms3LxLl+C5rRF3yB6q3zAjf8q:p8kn4Q5fjkerNJhzTmER+Yj3yvUf8q
                                                                                                                                                                  MD5:A7BC1343FB84DA3F27616CC8D8EDCCE0
                                                                                                                                                                  SHA1:302AA551F1CD366C36ECCADA74D0BAC2C85DB43D
                                                                                                                                                                  SHA-256:62CEB8A88B98BBE24A3B9FD8D65F58988E3B424BDB754E8D3EFFCC2D18E6D6C2
                                                                                                                                                                  SHA-512:010884828FBF472FD0EEDC17CE9D27A1F42A4639E228A65F1A7A680777E496B31FEF9E93822CCDE31E1FF89E4B7C260882BA977A6F9B3495C6FC06A4032303D1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/6.D_CKFAbE.chunk.js
                                                                                                                                                                  Preview:import{k as e}from"./4.C_rgEAoe.chunk.js";function t(e){return e.reduce((e,t)=>{let[n,a]=t;return e[n]=a,e},{})}function n(t){return e(t).map(e=>[e,t[e]])}const a=e=>n(e).map(e=>e.map(encodeURIComponent).join("=")).join("&"),r=e=>t(e.split("&").filter(Boolean).map(e=>e.split("=").map(e=>decodeURIComponent(e.replace("+","%20")))).map(e=>2===e.length?e:[e[0],""])),s=/[^:]+:\/\/[^(/|?)\s]+/,o=e=>{const t=e.match(s);return t&&t[0]},c=/.*?\?([^#]+)/,p=e=>{const t=e.match(c);return t?"?"+t[1]:""},m=e=>e.replace(/^\?/,""),u=e=>{if(null===o(e))return r(m(e));const t=m(p(e));return t?r(t):{}},i=e=>e.replace(/\w/g,"$&[\\r\\n\\t]*"),l=new RegExp("^[\0-.]*("+i("javascript")+"|"+i("data")+"):","i"),d=e=>l.test(e);export{u as a,a as b,p as c,r as d,n as e,t as f,o as g,d as h,m as t};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ISO Media, AVIF Image
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):7470
                                                                                                                                                                  Entropy (8bit):7.914896136712579
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:rGA4myJXrXBp0XbLLJSPz8cVwV/NRMslIofdNoLy:rGmsXrXB+LtSP4623ZlIQNsy
                                                                                                                                                                  MD5:C50A99856832FE1BF2FD79E4682F882F
                                                                                                                                                                  SHA1:94DAF1A49052596062237A717D549889FE884F65
                                                                                                                                                                  SHA-256:B2505DC801EC8E4991D97BE678C8649915883BF3D1A18B09C67E85081B05B47B
                                                                                                                                                                  SHA-512:46DEADF7CCD334CB95A11B0301FC6BFBD11491FD5E65152F6D883206304646083EFF86505E1D9C272B07074BAACC6F01F967A3824000A80365B9EF57E0BD5519
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                  Entropy (8bit):4.1240244208650205
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:TMQm9XAdVMRUpFZwn:ABmgU1wn
                                                                                                                                                                  MD5:D541CE2D754402B833CC65B76EAEA2C6
                                                                                                                                                                  SHA1:C36A92A0F5CEF497CE42B1E8B4C72C8D9BD3786B
                                                                                                                                                                  SHA-256:80353503E48EBF6C2AE9F70184D3E758F64BACF48AFE147E039DF807509200CB
                                                                                                                                                                  SHA-512:F8CD5CC49F9276C580419958BF312EE0A311194FD41D116EE709E56401D769511700031EC9F3E6151F8DA6B7E13B16E374A231E31CB00B92413CE5C751C2A0B6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function n(n){return!!n}export{n as i};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                  Entropy (8bit):4.22899518445442
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:yXa/mLfZwdt7G3ECWGPgPGSAG8jWGhvGZFW/:yX4Yt3E0o+s8ZheA
                                                                                                                                                                  MD5:AD58DC8D249BAEB34C053B99943336DF
                                                                                                                                                                  SHA1:F119BAE24970B4A431C7F63B17DBA4F1D2466D45
                                                                                                                                                                  SHA-256:6777FB38896D13D8577B0D9D7CAD220CE4D3A34C1F972F7B39F2BA04869B8B27
                                                                                                                                                                  SHA-512:6F0A10C2C82D8669402756580FCFEC548B19F4A58C4853DE4E711CD82CB27C5652ED47CA071A72BFC3FF47AB7D5D68CBE7E7C79C5DE210AC777EF5B0CE3BBF49
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/favicon.ico
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (1559)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1561
                                                                                                                                                                  Entropy (8bit):4.967688360149846
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:W7ltDBA3k/HKvh9zXpZbSMLq/PLCP2UvUsVH2UBWaKgX7HO0HDHZlt7lyOKqQrug:GjKkyvBJofUveUBpKSHO01bAce
                                                                                                                                                                  MD5:46D30AB5382DF71471A9D5F98AE716B7
                                                                                                                                                                  SHA1:0587EF82F152C2EE93F795587B27C42C10B0D09E
                                                                                                                                                                  SHA-256:354C31943F4FA644FBC1B1CE9EB88CC00333181E9B66430072BAED30321BEB28
                                                                                                                                                                  SHA-512:3109D1D5EBA8DE3FDA61DF7281B092C91A111523E06E91B87B1D210C724D176F1B524719FD535D21079D800E1A855E2B51AE3D26C11E936C5D978756E37A38FE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:$(document).ready((function(){$(window).scroll((function(){$(this).scrollTop()>580?($(".to-top").addClass("yessshow"),$(".sticky").addClass("chemu")):($(".to-top").removeClass("yessshow"),$(".sticky").removeClass("chemu"))})),$((function(){$("span.starsAll").stars()})),$.fn.stars=function(){return $(this).each((function(){$(this).html($("<span />").width(22*Math.max(0,Math.min(5,parseFloat($(this).html())))))}))}})),$(document).ready((function(){$("#msubmenubar a.goon").click((function(t){t.preventDefault(),$('a[href="'+$(this).attr("href")+'"]').tab("show")}))})),$(document).ready((function(){$('a[rel="relativeanchor"]').click((function(t){return t.preventDefault(),$("html, body").animate({scrollTop:$($.attr(this,"href")).offset().top-135},1e3),!1}))})),$(document).ready((function(){$('a[rel="myrelativeanchor"]').click((function(){return $("html, body").animate({scrollTop:$($.attr(this,"href")).offset().top-360},500),!1}))})),$(document).ready((function(){$(".accordion-collapse").on("
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):650
                                                                                                                                                                  Entropy (8bit):7.16410425535812
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:rWWpnkPXftyrqdhcUJPJpiZf5HixzLyy2G+Re/KrXwJRBxz1TIRQjkqYbLBMQxZt:rhpUf1GUbirHixzLIGUgJRBxzdzBYP24
                                                                                                                                                                  MD5:9C0C39E27EF1FED30AB01BE22EAE4EA0
                                                                                                                                                                  SHA1:9E1D5E7AE501D58A5AC783D6D8638A65DCB8FA02
                                                                                                                                                                  SHA-256:7A6E037558750389A5C1189835A8313610ECA18963F47B29758899136E951C06
                                                                                                                                                                  SHA-512:DE59E06866C6F60B55BC894483B4DAB6E7181FC16A5630AC78C36280A4484A59B91A45CEB719B0C3EBC64D634929D37CE538FBF2E4C189434FE4FCFB025744D5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/soc005.webp
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (21136)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):21137
                                                                                                                                                                  Entropy (8bit):5.150165159622828
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:kgLn9YE+ZEPpjINAP2vYH70QIYzqTuDOrKOf71by1F8RrqWTVbvcaUHmvUgvrQ67:kgL9Y3ZEPpjIN270QIYzqKDOrKk71u1g
                                                                                                                                                                  MD5:DDDDECE81151FA70E6832F1596811F33
                                                                                                                                                                  SHA1:5DAE2B0BD445009BFE76218A6533C8E7D973A064
                                                                                                                                                                  SHA-256:4CFB4286E4523D8F76B2058D3A1CDA39F49BA92BDE2537CAC6DA5B64FDF408FF
                                                                                                                                                                  SHA-512:6B0B925F6CCFEB169109C1234FE872125B7A40CA593EF3F40FFA67643632FDEE5C0648CD17D61C79638D7A85B1FB35F80D47FEE92679753750DF1DE65DDE2864
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (7711)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):340845
                                                                                                                                                                  Entropy (8bit):5.599776527162483
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:M4JCn+yZCSPszjrvwB9YzG2+4jQseSGVcwOu0pUDSBY:VJ5uCSPr26O9pUD9
                                                                                                                                                                  MD5:A3D740FA352E6CD132BFC2DB659412D0
                                                                                                                                                                  SHA1:F999585C39B770479C54B5ABE4EC57065750B3DB
                                                                                                                                                                  SHA-256:C08FEA59E733143018240E194F085CC27296B78618198EB71E88FA126385AE50
                                                                                                                                                                  SHA-512:0D337D3A09C2306443BCD79D365D057DC0EB39EA79AABDD16F5181019E8300C015811E61065909A42E8306690429D950096DA8BD8B3BB6D12E0F7AEBAEF69608
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"7",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":false},{"function":"__c","vtp_value":false},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":14,"vtp_value":true,"tag_id":11},{"function":"__ogt_session_timeout","priority":14,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":13},{"function":"__ogt_ip_mark","priority":14,"vtp_instanceOrder":0,"vtp_paramValue":"office","vtp_ruleResult":["macro",1],"tag_id":14},{"function":"__ogt_ip_mark","priority":14,"vtp_instanceOrder":1,"vtp_paramValue":"internal","vtp_ruleResult":["macro",2],"tag_id":15},{"function":"__ogt_1p_data_v2","priority":14,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SE
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):74
                                                                                                                                                                  Entropy (8bit):4.520698137105598
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:TMQdsNLP0RN8gcO0ifFEN:AtNb0RTcONc
                                                                                                                                                                  MD5:C96A39460D2B0A92409B2B92F3DA88F9
                                                                                                                                                                  SHA1:C1AD7E3C7F38743EBADF589676726DAD6799A9D5
                                                                                                                                                                  SHA-256:AF2012B0CDFA449F186DF2F8DC9B3E64B48B8C5C630CC8D3C4DF61973499E7C4
                                                                                                                                                                  SHA-512:C6A642B4F09C7DC0B2679C972CC99E4C1E00E268D309AAE062883D3EEEB7D3E39BEF53388DD20AAE7F733DA57ED2374C1B12DED0997CBCA2762B4B03C332CBFD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function e(e){return e.charAt(0).toUpperCase()+e.slice(1)}export{e as c};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):67959
                                                                                                                                                                  Entropy (8bit):5.185618087726088
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:/ORVvLZMH5qMlf2z3BamRHw0cyKrnz2POx/8uptKL56:/OLvWHsSiamRHpKr6k/8uLKLc
                                                                                                                                                                  MD5:45AE772AE64D65910AFBD840F5D11187
                                                                                                                                                                  SHA1:7C002DD0177C2ACACBB7B99193C1EB905894A947
                                                                                                                                                                  SHA-256:826380D54216968373B441CE9EA174313EE6290D704E82E2281C5BC70521EB7E
                                                                                                                                                                  SHA-512:C07E62A99811402D512F3F894FD0A0B92067310B80B0053E79763EA491E0495811EDE9B9364356546A22A613EF8F14B478DC489C7B941B8DBD49B8FCB4F91EC6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (4852), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):4852
                                                                                                                                                                  Entropy (8bit):5.00288156247875
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:CRW/1RupyFJhQ08YZWP/wXtJJJ+Yki1KwY9P/vCLg:vTJFJis2vbQKJxKM
                                                                                                                                                                  MD5:1F4BC85A5DD547C1F19541D6AC58A9CA
                                                                                                                                                                  SHA1:7D3CB81EC588439F76BFE1B01684AA8853055E41
                                                                                                                                                                  SHA-256:6BED97D1FEC9D29A0D611F5CD17E88C939E154FDB99040D48F2DDEE6138BBA75
                                                                                                                                                                  SHA-512:BA24C2BB1897CCF9EEED1B58FEE4FB5316A1DAF5F0C49CADEE896570C8BA71EAC5CD7AAA4BFD548D28392C0A55821A20DFD252C3919EB19A02B8ED1C8A39172C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://api.livechatinc.com/v3.4/customer/action/get_configuration?organization_id=808fbd9a-f30d-4312-96e4-6fce80bc2657&version=3142.0.10.808.59.180.10.13.6.6.6.36.3&group_id=0&jsonp=__lc_static_config
                                                                                                                                                                  Preview:__lc_static_config({"buttons":[{"id":"6f8eb39a2d","type":"text","online_value":"Live chat now","offline_value":"Leave us a message"},{"id":"93851e831f","type":"image","online_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_online007.png","offline_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_offline007.png"},{"id":"ea2741ba0f","type":"image","online_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_online003.png","offline_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_offline003.png"}],"prechat_form":{"id":"169527612523205756","fields":[{"id":"16952761252320117","type":"header","label":"Welcome to Kernel Data Recovery! Please complete the form below to chat with our Product Specialist."},{"id":"169527612523209351","type":"name","label":"Name:","required":false},{"id":"169527612523203973","type":"email","label":"E-mail:","required":false},{"id":"169527612523208965","type":"question","label":"Pho
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):720
                                                                                                                                                                  Entropy (8bit):7.286613713051792
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:46WWpnZ2HB0gDsF7Pl5LvibllxtuvxEF1fLPll0vLY9taWpA4FXCuSQ1DNqo6BM4:ZhpshnDI7d5Lv+/nBT7sSaWpiujZC2OT
                                                                                                                                                                  MD5:FCC86F732D001C908678DA12DEDF4859
                                                                                                                                                                  SHA1:2FF238E406D997BB25DDE2093C0C71E47FA50B01
                                                                                                                                                                  SHA-256:A2C61002F8F47DC6DEC002C0D172382D30608BE50CC549545EDA73199BF23C93
                                                                                                                                                                  SHA-512:236DE7BBFEAF20A450AF43FC22FDB7E5AC79F285FC7F5C6797D2C00D1838B47337C7765E4EF79B566DBD836EE4125B6058DFBC0C0AE9B7D7901AA25BA438934F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 199 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):9112
                                                                                                                                                                  Entropy (8bit):7.863227970853859
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:jSLknHcSmxJTRaedL4LnKJd3lmYvcaB3zeMxqV1+mqhfPM:WgnrUTRaedfJdV5vcaB3zer1kh3M
                                                                                                                                                                  MD5:3FA0F98D2D97658E176309F55C1C9C83
                                                                                                                                                                  SHA1:BB9CD755A57B7D900751F591E2EFDDACF8610A94
                                                                                                                                                                  SHA-256:788586C1DE232C9839A6F05D3E665AA1E9E1CF6384E0A86B78E4E6F99C633CAA
                                                                                                                                                                  SHA-512:07E69E308C57558FEEBAF2F658E31F10944E6CB730B6524F1CA53B9F08743FE4980B4A1ED1AB101EBC47B161431B8F05482DD26AE250995F3B33DC33D8055445
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/cli-2.png
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):186
                                                                                                                                                                  Entropy (8bit):4.627556787210992
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:TMQzLM9ROtbzYYYLfItKNRfdffqxZkmGvDgmalA/KmHfeGFlIYYKQReqAdiOD:APohpQNRlXWnGbZalACmHfeIlYKQReZv
                                                                                                                                                                  MD5:0BD8B4301141E5CE52A9990509F7E5A7
                                                                                                                                                                  SHA1:A88EA83C26EBAE2A1B80D726BC62D2594CC20B89
                                                                                                                                                                  SHA-256:21EFE3A723D4C025B73D6ECD76EA7CABDDE8D829CA95551B9D87E9000B134207
                                                                                                                                                                  SHA-512:5AB8891782B7FD7A38719E7F673EB42D4E3BA1F88D10D7BD86DE67AF229EA7F8D7D028B258F99F1FF09D0B1F47EC875685FB32153A9DC026A19A6EB8EB02477D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function t(t,n){return function(n,e){if(0===n){var o=0,i=setTimeout((function(){e(1,o++),e(2)}),t instanceof Date?t-Date.now():t);e(0,(function(t){2===t&&clearTimeout(i)}))}}}export{t};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (6514), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6514
                                                                                                                                                                  Entropy (8bit):5.984490613118883
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:1gWUfvlcY021mvn1blhad7OIJoodnbUp2dEjkRURnEsLHbH4+JX8sLHbH4+JX8M:1DY0hf1bT47OIqWb1DsLrBJXTLrBJXn
                                                                                                                                                                  MD5:9E9EDD96D4BA2DBB765C2529FC7590CD
                                                                                                                                                                  SHA1:8BF9317C31276B05E6ECDEA12CAB98C094688AE3
                                                                                                                                                                  SHA-256:8B76798991D94F92B82263A04E2E3B6D0087C28771A73B74B707534869E1D86A
                                                                                                                                                                  SHA-512:D8094018D98F3D05E008E6BBB873894B8010FFFAC94D228F557CB055B7F1A12772F567BFB4C1A1CAF9FCF36EA63B618F28D4381EBB6EA816702B6FCB0BCF38EE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:(function(){var s = {};(function(){var h=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,d){if(a==Array.prototype||a==Object.prototype)return a;a[b]=d.value;return a};function k(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var d=a[b];if(d&&d.Math==Math)return d}throw Error("Cannot find global object");} var m=k(this),p=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",t={},v={};function w(a,b,d){if(!d||a!=null){d=v[b];if(d==null)return a[b];d=a[d];return d!==void 0?d:a[b]}} function x(a,b,d){if(b)a:{var c=a.split(".");a=c.length===1;var e=c[0],g;!a&&e in t?g=t:g=m;for(e=0;e<c.length-1;e++){var f=c[e];if(!(f in g))break a;g=g[f]}c=c[c.length-1];d=p&&d==="es6"?g[c]:null;b=b(d);b!=null&&(a?h(t,c,{configurable:!0,writable:!0,value:b}):b!==d&&(v[c]===void 0&&(a=Math.random()*1E9>>>0,v[c]=p?m.Symbol(c):"$jscp$"+a+"$"+c),h(g,v[c],{co
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (3259), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):3259
                                                                                                                                                                  Entropy (8bit):5.17462973446332
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:D/YXhrV0jAkspw8C0r0tVfvBXPkgPiH+Oxto+OxnoKAHMA2ox5A6tZBCIUW0U/YC:D/WVyjtseqwHfdxqKEMATv9Cf8l
                                                                                                                                                                  MD5:B572DEF2BF153F5821A16BED9BDDF9F2
                                                                                                                                                                  SHA1:3DAE55B4612B306C0D817096F01F5DE071AABC51
                                                                                                                                                                  SHA-256:66159B04D61FEF7A01D76AB4C9113FA60BCCCD40F6FD9AF1456CD7E4EAC3752B
                                                                                                                                                                  SHA-512:4A2A302EA3965F2B7A8661779F18313408C4BB22CB0F51458C4F78ADFF616002B97AF0C146A68C20BE08904988C6234D89187824F31BD28AA7DA55C42259DD30
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://lepide.iljmp.com/improvely.js
                                                                                                                                                                  Preview:var improvely=function(){var e=1,n="",o="",i=function(e,n,o){var i=e,t=new Date;t.setDate(t.getDate()+o);var r=i+"="+escape(n);null!=o&&(r+="; expires="+t.toUTCString()),r+="; path=/; SameSite=Lax",document.cookie=r},t=function(e){var n=e;return document.cookie.length>0&&(c_start=document.cookie.indexOf(n+"="),-1!=c_start)?(c_start=c_start+n.length+1,c_end=document.cookie.indexOf(";",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))):null},r=function(e){return window.encodeURIComponent?encodeURIComponent(e):escape(e)},c=function(e){setTimeout(function(){var o=document.createElement("script");o.type="text/javascript",o.src="https://"+n+".iljmp.com"+e+"&rand="+Math.round(1e3*Math.random()),o.async=!0;var i=document.getElementsByTagName("script")[0];i.parentNode.insertBefore(o,i)},1)},a=function(){for(var e,n={},o=location.search.substring(1),i=/([^&=]+)=([^&]*)/g;e=i.exec(o);)n[decodeURIComponent(e[1])]=decodeURIComponent(e[2]);return n
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 61160, version 1.0
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):61160
                                                                                                                                                                  Entropy (8bit):7.996652594739111
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:1536:Mt5ij6crjbjegECyPRmdUDEpW7aWTIEUcJQbIFHeQS8iN:Mtc6Mzr2RF7aWMZXIFviN
                                                                                                                                                                  MD5:2A553F7D05E27A1396AA3F03C296E268
                                                                                                                                                                  SHA1:A11EF5168B23333A6A64AF472849D9D4D2165CF3
                                                                                                                                                                  SHA-256:133EEE529400866A00FDD329C3B253D6C4A4E8C87C40AB502394E4F8CBD4789F
                                                                                                                                                                  SHA-512:DB957DE32EF0A4AFD2EC079532B00BC8164EF90CA6C3EDDBF467699EA714241DB0AEED6DCF32AD4A0AC8CC4EB265856F5FEFED57B3E6CCD254D9B6798A0FE08A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/cssnew/fonts/Montserrat-Regular.woff2
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):782
                                                                                                                                                                  Entropy (8bit):5.1803076570995215
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:pCjkn6DxQ5fjKv6rrNKqNVhzd9ms3LxLl+C5rRF3yB6q3zAjf8q:p8kn4Q5fjkerNJhzTmER+Yj3yvUf8q
                                                                                                                                                                  MD5:A7BC1343FB84DA3F27616CC8D8EDCCE0
                                                                                                                                                                  SHA1:302AA551F1CD366C36ECCADA74D0BAC2C85DB43D
                                                                                                                                                                  SHA-256:62CEB8A88B98BBE24A3B9FD8D65F58988E3B424BDB754E8D3EFFCC2D18E6D6C2
                                                                                                                                                                  SHA-512:010884828FBF472FD0EEDC17CE9D27A1F42A4639E228A65F1A7A680777E496B31FEF9E93822CCDE31E1FF89E4B7C260882BA977A6F9B3495C6FC06A4032303D1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:import{k as e}from"./4.C_rgEAoe.chunk.js";function t(e){return e.reduce((e,t)=>{let[n,a]=t;return e[n]=a,e},{})}function n(t){return e(t).map(e=>[e,t[e]])}const a=e=>n(e).map(e=>e.map(encodeURIComponent).join("=")).join("&"),r=e=>t(e.split("&").filter(Boolean).map(e=>e.split("=").map(e=>decodeURIComponent(e.replace("+","%20")))).map(e=>2===e.length?e:[e[0],""])),s=/[^:]+:\/\/[^(/|?)\s]+/,o=e=>{const t=e.match(s);return t&&t[0]},c=/.*?\?([^#]+)/,p=e=>{const t=e.match(c);return t?"?"+t[1]:""},m=e=>e.replace(/^\?/,""),u=e=>{if(null===o(e))return r(m(e));const t=m(p(e));return t?r(t):{}},i=e=>e.replace(/\w/g,"$&[\\r\\n\\t]*"),l=new RegExp("^[\0-.]*("+i("javascript")+"|"+i("data")+"):","i"),d=e=>l.test(e);export{u as a,a as b,p as c,r as d,n as e,t as f,o as g,d as h,m as t};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):666
                                                                                                                                                                  Entropy (8bit):7.258438477107102
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:MPWpnJ4ptzI3fksJgZAYcjpxr+Y7/UaJj6hsnq/UMmp4FfMQxZt:MOpKpQkA3Y4tUaJj6GniIOT
                                                                                                                                                                  MD5:2444B2DF7E6BF2A700CB224F3BB1F055
                                                                                                                                                                  SHA1:75020AEEF17C090716B852D65797BBA6A1007FAB
                                                                                                                                                                  SHA-256:E371E5D044A924DB26972AF5FB85E404E62AA64ED0A02FDA01FC43EDFD3556CF
                                                                                                                                                                  SHA-512:651B4F5434F64DD69695B241FF69369843ECF9403752ADAD57FF95F345298722D5EDE0124F5091183ED9F90AC8F86608FA836545B5F773E0BD32935217C73D6B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):74
                                                                                                                                                                  Entropy (8bit):4.520698137105598
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:TMQdsNLP0RN8gcO0ifFEN:AtNb0RTcONc
                                                                                                                                                                  MD5:C96A39460D2B0A92409B2B92F3DA88F9
                                                                                                                                                                  SHA1:C1AD7E3C7F38743EBADF589676726DAD6799A9D5
                                                                                                                                                                  SHA-256:AF2012B0CDFA449F186DF2F8DC9B3E64B48B8C5C630CC8D3C4DF61973499E7C4
                                                                                                                                                                  SHA-512:C6A642B4F09C7DC0B2679C972CC99E4C1E00E268D309AAE062883D3EEEB7D3E39BEF53388DD20AAE7F733DA57ED2374C1B12DED0997CBCA2762B4B03C332CBFD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/8.xhyEK0_l.chunk.js
                                                                                                                                                                  Preview:function e(e){return e.charAt(0).toUpperCase()+e.slice(1)}export{e as c};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):988
                                                                                                                                                                  Entropy (8bit):7.7249254907466804
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:kvKt2dUC+kJalyqxRNLiZZbMQ3Ic0Dk3Ya0LPrOi5:V9CDalyqxGZbnYxDSeLTOm
                                                                                                                                                                  MD5:BAABE6F5569324C497E129E115EBADC3
                                                                                                                                                                  SHA1:6AAA33F509A63B755BFBAF20C600FBA888731F9A
                                                                                                                                                                  SHA-256:CA664CCB23C5D2E949A2A562C7C8CF0E2F1A0870D0E7DCF83F9FA22240F11BBC
                                                                                                                                                                  SHA-512:5FB889446DCB3E56B0CB15EE68A78D05B7B551D599B309E1D4560BA667D7E285C79E403E56315F878417D8079E9A8E1A1CEC3AF1E5E0F5003257DBA007DEA471
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):1072
                                                                                                                                                                  Entropy (8bit):5.9979567683651815
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:m1hkyaWwh82lYSKwGA2gWX7NVuM2T37oyJ3VYN1yK0rvLqYGNpPw7:sZvnLxAFyZWvrJ3OwK0rvL5uI7
                                                                                                                                                                  MD5:8AD891CDD02D4E01CBCD2B316E2E46AB
                                                                                                                                                                  SHA1:996E19C2E0CAC789CF2B14E34386FC74B0444B33
                                                                                                                                                                  SHA-256:423ADF1E941655627B5322D5110B12E90834D2114795EDD0E04FAB1A5726C96D
                                                                                                                                                                  SHA-512:7830B4AE35F6CB2DBC68EA5D77BC8922AEF5B5CF752C14605ED243CA50F4E9699B4684502479A51E8103A0366357F6955A77A50F237CD354E5F7EB93D3760058
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/what-makes-effect-bg.png
                                                                                                                                                                  Preview:.PNG........IHDR.............r..|....tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899777, 2023/06/25-23:57:14 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4d6dbc9b-7dfa-5643-b4a6-ea071d480954" xmpMM:DocumentID="xmp.did:CE85A98E5E8F11EEBA26D878899DC289" xmpMM:InstanceID="xmp.iid:CE85A98D5E8F11EEBA26D878899DC289" xmp:CreatorTool="Adobe Photoshop 25.0 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:02fc939c-7545-7642-ab37-5c36c7315307" stRef:documentID="adobe:docid:photoshop:cd972449-008f-2c42-8c02-37e33994f9b1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3S....AIDATx.b...?..
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 111 x 36, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6414
                                                                                                                                                                  Entropy (8bit):7.740868483494991
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:92SLknaHNoYoVmLC+s6ZZyuel3Mddu02CukiX:LgnaNoYoV8C+jZyu6MbldiX
                                                                                                                                                                  MD5:D5A3901E0AABA0A10FEFB6338C2739AF
                                                                                                                                                                  SHA1:764F20320BC4E0A87AA543EBC9D50E220580FC2B
                                                                                                                                                                  SHA-256:C02C004D261564044F56A9558022AE2B14AE8E496C66D6342D210E3E63525516
                                                                                                                                                                  SHA-512:AD05440B5649405CAABC9DB74F479103CB5C7EB88EAC77893858F301CC356352FB1E5C441D2EF1683C8895F4ED786BFF97556E5595D1FB052E27D7DD9B2AFFF7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.PNG........IHDR...o...$......Zd.....pHYs................1iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 25.0 (Windows)" xmp:CreateDate="2023-10-23T11:09:43+05:30" xmp:ModifyDate="2023-10-23T16:46:36+05:30" xmp:MetadataDate="2023-10-23T16:46:36+05:30" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:5e4e6b2b-de3e-4546-9b2c-cd9354f9e57d" xmpMM:DocumentID="adobe:docid:photoshop:55844b72-02f7-a54e-a188-3189edb0db77" xmpMM:OriginalDocumentID="xmp.did:3e02dd
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 143 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):3137
                                                                                                                                                                  Entropy (8bit):7.2570793551597985
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/cli-1.png
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (4269)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):277481
                                                                                                                                                                  Entropy (8bit):5.545319163526586
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):988
                                                                                                                                                                  Entropy (8bit):7.7249254907466804
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew/dmca.webp
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ISO Media, AVIF Image
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):7470
                                                                                                                                                                  Entropy (8bit):7.914896136712579
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/logo.avif
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (1559)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):1561
                                                                                                                                                                  Entropy (8bit):4.967688360149846
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/jsnew/customscript.js
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (11407), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):11417
                                                                                                                                                                  Entropy (8bit):4.806621624879621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://api.livechatinc.com/v3.4/customer/action/get_localization?organization_id=808fbd9a-f30d-4312-96e4-6fce80bc2657&version=470b74842e9d45ce9f156d1d5a957bad_aea128ea36ac8ba0bab62c8f00ff7480&language=en&group_id=0&jsonp=__lc_localization
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (390), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):390
                                                                                                                                                                  Entropy (8bit):5.069196367207064
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?license_id=8697156&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&channel_type=code&implementation_type=potentially_gtm&jsonp=__wpuoihcpxlf
                                                                                                                                                                  Preview:__wpuoihcpxlf({"organization_id":"808fbd9a-f30d-4312-96e4-6fce80bc2657","livechat_active":true,"livechat":{"group_id":0,"client_limit_exceeded":false,"domain_allowed":true,"online_group_ids":[0],"config_version":"3142.0.10.808.59.180.10.13.6.6.6.36.3","localization_version":"470b74842e9d45ce9f156d1d5a957bad_aea128ea36ac8ba0bab62c8f00ff7480","language":"en"},"default_widget":"livechat"});
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 111 x 36, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):6414
                                                                                                                                                                  Entropy (8bit):7.740868483494991
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/cli-4.png
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):534
                                                                                                                                                                  Entropy (8bit):6.941075765602815
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/soc003.webp
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 390 x 260, 8-bit colormap, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32339
                                                                                                                                                                  Entropy (8bit):7.934857846055401
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:kJ9n07H0N9P6ySyPuxzy4gxklYtiqB0lV4jR6+2Wyg0T3GqRawx8qVvD02hI0m:++uJVVP6zgk2F9bQgsawVVbdh8
                                                                                                                                                                  MD5:E00CE6EA94769048C36B46724F14BE6F
                                                                                                                                                                  SHA1:C7D2A9C0B2ACA122DB95DD731244FB71FC9FB720
                                                                                                                                                                  SHA-256:91863BD03F5DFCEF6EAD5360EA61EE282FFA910046FC85D846C7B19D68D384EB
                                                                                                                                                                  SHA-512:2802E7982067DD484324F13136B23C8852D81E111B6A28F10D1F3FC5517F5CEC0AE1575B84E41C975863B077F24AC270A498DA150F931433ED9361DD028F84A0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (7711)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):340845
                                                                                                                                                                  Entropy (8bit):5.599776527162483
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:M4JCn+yZCSPszjrvwB9YzG2+4jQseSGVcwOu0pUDSBY:VJ5uCSPr26O9pUD9
                                                                                                                                                                  MD5:A3D740FA352E6CD132BFC2DB659412D0
                                                                                                                                                                  SHA1:F999585C39B770479C54B5ABE4EC57065750B3DB
                                                                                                                                                                  SHA-256:C08FEA59E733143018240E194F085CC27296B78618198EB71E88FA126385AE50
                                                                                                                                                                  SHA-512:0D337D3A09C2306443BCD79D365D057DC0EB39EA79AABDD16F5181019E8300C015811E61065909A42E8306690429D950096DA8BD8B3BB6D12E0F7AEBAEF69608
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.googletagmanager.com/gtag/js?id=G-Q687VE4VEB&l=dataLayer&cx=c
                                                                                                                                                                  Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"7",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":false},{"function":"__c","vtp_value":false},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":14,"vtp_value":true,"tag_id":11},{"function":"__ogt_session_timeout","priority":14,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":13},{"function":"__ogt_ip_mark","priority":14,"vtp_instanceOrder":0,"vtp_paramValue":"office","vtp_ruleResult":["macro",1],"tag_id":14},{"function":"__ogt_ip_mark","priority":14,"vtp_instanceOrder":1,"vtp_paramValue":"internal","vtp_ruleResult":["macro",2],"tag_id":15},{"function":"__ogt_1p_data_v2","priority":14,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SE
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):240
                                                                                                                                                                  Entropy (8bit):4.554738024417052
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:ABgXGeAxgB1arV0QXGVq/QRYLjRlXKJDGMb/AgwiU9:AT5xgBEPSuSDGK/wb
                                                                                                                                                                  MD5:8EC94005C25C7E0874B7B048EA97DC00
                                                                                                                                                                  SHA1:2649E6120DFF6489D15CF68A590E6E73E153AAE3
                                                                                                                                                                  SHA-256:D3B76FB03A7607B5DA00FC0252BE26FEF8C76A0B68FEB2FF19B439EEEAB3F705
                                                                                                                                                                  SHA-512:9A70F8F3A88F62567ACC8CA189563118B54F15202CB1C9A5CB055F4D6D3FD1DC2E8B6F8F76768F42B57563546F10A12B51E460183E2C224226CFD25C624DDD76
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/12.Gv78iMd6.chunk.js
                                                                                                                                                                  Preview:function n(n){return function(t){return function(i,e){var o;0===i&&t(0,(function(t,i){if(1===t||2===t&&void 0===i){if(!o&&2===t)return e(t,i);o&&clearTimeout(o),o=setTimeout((function(){e(t,i),o=void 0}),n)}else e(t,i)}))}}}export{n as d};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):720
                                                                                                                                                                  Entropy (8bit):7.286613713051792
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:46WWpnZ2HB0gDsF7Pl5LvibllxtuvxEF1fLPll0vLY9taWpA4FXCuSQ1DNqo6BM4:ZhpshnDI7d5Lv+/nBT7sSaWpiujZC2OT
                                                                                                                                                                  MD5:FCC86F732D001C908678DA12DEDF4859
                                                                                                                                                                  SHA1:2FF238E406D997BB25DDE2093C0C71E47FA50B01
                                                                                                                                                                  SHA-256:A2C61002F8F47DC6DEC002C0D172382D30608BE50CC549545EDA73199BF23C93
                                                                                                                                                                  SHA-512:236DE7BBFEAF20A450AF43FC22FDB7E5AC79F285FC7F5C6797D2C00D1838B47337C7765E4EF79B566DBD836EE4125B6058DFBC0C0AE9B7D7901AA25BA438934F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/soc004.webp
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):371
                                                                                                                                                                  Entropy (8bit):4.600540137157355
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:2LGaUImyCp0GlYM1wBJPyQK5DrIt6xfeGYqX3ofWLGJw47Jsr4z+LAltEsVsVsVo:2ffmyCkMwykgIaoO4nsrqH9yyyv
                                                                                                                                                                  MD5:97CF0FE353C517CEA6CB3E1F2E7EDFC9
                                                                                                                                                                  SHA1:58D8EB24BFD5CA347B6A0A72894E6C8B6EAE198F
                                                                                                                                                                  SHA-256:0E0C8CEDB72A7E5A3080203509132486E267E5D1B0C5C6EAE78AC16F7928FF01
                                                                                                                                                                  SHA-512:F3D33FE997DC8FDFF9B122C208321F1DB35B2A6C2650C8EAC119A2A20FAE74874691340C3419283AE0914E5405D51E40BF787469B3A7A2B66A81A68B6E2009EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://bat.bing.com/p/action/138001625.js
                                                                                                                                                                  Preview:(function(w,d,c,k,a,b,t,e) {.. var cs = d.currentScript;.. if (cs) {.. var uo = cs.getAttribute('data-ueto');.. if (uo && w[uo] && typeof w[uo].setUserSignals === 'function') {.. w[uo].setUserSignals({'co': c, 'kc': k, 'at': a, 'bi': b, 'dt': t, 'ec': e});.. }.. }..})(window, document, 'us', false, false, false, false, false);..
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (5364), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):5364
                                                                                                                                                                  Entropy (8bit):5.944362051846169
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:1gWUfvlcY021mvn1blhad7OIJoodnbUp2dEjkRURnEsTHbH4E92ZWlN:1DY0hf1bT47OIqWb1DsTrbMZk
                                                                                                                                                                  MD5:EACA6CF1556B35B3D0DB7445DAA2CF71
                                                                                                                                                                  SHA1:7BB575FC55751FBC2A468AFEE16AD9CB62D00EED
                                                                                                                                                                  SHA-256:98DCC70B11C306081CF86FE82DF3BEBD4BC4900FE530536A47380C93D0683B94
                                                                                                                                                                  SHA-512:66DE4A415233438E5767FC3EC772983E3770A2F8549BFD102502D47C6C5540037CF7C7B3F52FA9C99D04C8E30EBA23A45C55694272FBEC9210D2068375247125
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.googleadservices.com/pagead/conversion/1057256791/?random=1727796422723&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&rfmt=3&fmt=4
                                                                                                                                                                  Preview:(function(){var s = {};(function(){var h=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,d){if(a==Array.prototype||a==Object.prototype)return a;a[b]=d.value;return a};function k(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var d=a[b];if(d&&d.Math==Math)return d}throw Error("Cannot find global object");} var m=k(this),p=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",t={},v={};function w(a,b,d){if(!d||a!=null){d=v[b];if(d==null)return a[b];d=a[d];return d!==void 0?d:a[b]}} function x(a,b,d){if(b)a:{var c=a.split(".");a=c.length===1;var e=c[0],g;!a&&e in t?g=t:g=m;for(e=0;e<c.length-1;e++){var f=c[e];if(!(f in g))break a;g=g[f]}c=c[c.length-1];d=p&&d==="es6"?g[c]:null;b=b(d);b!=null&&(a?h(t,c,{configurable:!0,writable:!0,value:b}):b!==d&&(v[c]===void 0&&(a=Math.random()*1E9>>>0,v[c]=p?m.Symbol(c):"$jscp$"+a+"$"+c),h(g,v[c],{co
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):231
                                                                                                                                                                  Entropy (8bit):4.922816391433227
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:AjDLauQDLAaDt5NPhAXk0usMWWXoPfTESWEVgUOvn:AjXaPXAIt5NPaXk3WhHTEHEIvn
                                                                                                                                                                  MD5:C77C70C8570694D5E20553711A6D1B28
                                                                                                                                                                  SHA1:72E8A99D408CCA32977B7C54D2210D53188E94E7
                                                                                                                                                                  SHA-256:BC125921B5E4DDE1C19D4FBC0A6EF3EA616EEE9577822C96B29789B7F69BA5FD
                                                                                                                                                                  SHA-512:7E955D05ED7C1D8637B00590FBD00E61B5458AA185A87AD983780333BFC93322F40359D0FCD27B73DF82E70E765FBE15C10D6707EAB659B84CEC6AF5C57078E9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function n(){return(n=Object.assign?Object.assign.bind():function(n){for(var r=1;r<arguments.length;r++){var a=arguments[r];for(var t in a)({}).hasOwnProperty.call(a,t)&&(n[t]=a[t])}return n}).apply(null,arguments)}export{n as _};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (390), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):390
                                                                                                                                                                  Entropy (8bit):5.069196367207064
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:fCd2HDi1zBIhyYHA1Gds1i88Kb9vpxR1DZ+VbCVZk68kWgJJfJSVOpMEkWKWt+XK:ii7KbxrDZ+pCOwJJfJftkRN+hh
                                                                                                                                                                  MD5:D6BA1430B0041BCDE445D7104769D14D
                                                                                                                                                                  SHA1:B2083C5AADBFA515748AF3A0B0C011EE8A87ADCD
                                                                                                                                                                  SHA-256:5529E15A613EFF3F7A4113C152BC826031A84E88EEFC959CA558BE76D57457A5
                                                                                                                                                                  SHA-512:B3713EC0AC433A22E7FC8599EF4E4488501E182AE7F684A65A3AF4542034E47BA937C278A8A41081C8304B6719EC258B42E7224083D1C8D737ED4C38018118DE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:__wpuoihcpxlf({"organization_id":"808fbd9a-f30d-4312-96e4-6fce80bc2657","livechat_active":true,"livechat":{"group_id":0,"client_limit_exceeded":false,"domain_allowed":true,"online_group_ids":[0],"config_version":"3142.0.10.808.59.180.10.13.6.6.6.36.3","localization_version":"470b74842e9d45ce9f156d1d5a957bad_aea128ea36ac8ba0bab62c8f00ff7480","language":"en"},"default_widget":"livechat"});
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (23730)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):321843
                                                                                                                                                                  Entropy (8bit):5.55670996408814
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:c2x2Hn+yCAQyGjrvzjCIhl5Zch2+4jQpGU:c2xZxAQxl5EP
                                                                                                                                                                  MD5:80965D152517A9D24BF8B85ADFB135AF
                                                                                                                                                                  SHA1:A177E0DDBAE895C78439D4BD4FE16C733A3B03F9
                                                                                                                                                                  SHA-256:C6A0DD50AB20D7685135EA6BA87B3D9558F5AC58F14EF788443D7A6552A63AD5
                                                                                                                                                                  SHA-512:627F4882A5DF864AD41F36D4F1469CCE280F9E53C93F795E88081FE5E5A1900623F2BC7754E59EFC126AD141F7506B28012A199E537539B2B57028F2017BF7C7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"40",. . "macros":[{"function":"__e"},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__remm","vtp_setDefaultValue":true,"vtp_input":["macro",1],"vtp_fullMatch":false,"vtp_replaceAfterMatch":false,"vtp_defaultValue":"Other group","vtp_ignoreCase":true,"vtp_map":["list",["map","key","^\/$","value","Home"],["map","key","buy","value","Buy"],["map","key","\/blog\/","value","Blog"],["map","key","\/supportcenter\/","value","Support Center"],["map","key","\/how-to\/","value","How tos"],["map","key","\/outlook-errors\/","value","Outlook Errors"],["map","key","\/access-problems\/","value","Access Problems"],["map","key","\/kernel-store\/","value","Kernel Store"],["map","key","\/solutions\/","value","Solutions"],["map","key","\/products.html","value","Product"],["map","key","\/casestudy\/","value","Case Study"
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 390 x 260, 8-bit colormap, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):32339
                                                                                                                                                                  Entropy (8bit):7.934857846055401
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:kJ9n07H0N9P6ySyPuxzy4gxklYtiqB0lV4jR6+2Wyg0T3GqRawx8qVvD02hI0m:++uJVVP6zgk2F9bQgsawVVbdh8
                                                                                                                                                                  MD5:E00CE6EA94769048C36B46724F14BE6F
                                                                                                                                                                  SHA1:C7D2A9C0B2ACA122DB95DD731244FB71FC9FB720
                                                                                                                                                                  SHA-256:91863BD03F5DFCEF6EAD5360EA61EE282FFA910046FC85D846C7B19D68D384EB
                                                                                                                                                                  SHA-512:2802E7982067DD484324F13136B23C8852D81E111B6A28F10D1F3FC5517F5CEC0AE1575B84E41C975863B077F24AC270A498DA150F931433ED9361DD028F84A0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/bnr-thanku.png
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):80134
                                                                                                                                                                  Entropy (8bit):5.179143637316361
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:YSMTGR2t4n+3ifBHJR9WbUHk3j8YY+PwRM3CGJI9BqQM6kE:p4Fj8GPwRM3CiI9BtP
                                                                                                                                                                  MD5:6A48426946F14478E1494531163BFBCE
                                                                                                                                                                  SHA1:215B40549736AA625B937621FAA89ACE3AFBD091
                                                                                                                                                                  SHA-256:005987B9C68284DCDE7BAEB4C52DE971F6FCC5D66452C478839CF92262F898BB
                                                                                                                                                                  SHA-512:DC81CD0DDF8FC8C041A5420B9403EB3724B78F495C8A49ECF801CA49DF2BDE113B1837907B3C53B24CEFEC161E09EA7C9C582EDD75E01BC149202C68BFAAEC5F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).bootstrap=e()}(this,(function(){"use strict";const t="transitionend",e=t=>{let e=t.getAttribute("data-bs-target");if(!e||"#"===e){let i=t.getAttribute("href");if(!i||!i.includes("#")&&!i.startsWith("."))return null;i.includes("#")&&!i.startsWith("#")&&(i=`#${i.split("#")[1]}`),e=i&&"#"!==i?i.trim():null}return e},i=t=>{const i=e(t);return i&&document.querySelector(i)?i:null},n=t=>{const i=e(t);return i?document.querySelector(i):null},s=e=>{e.dispatchEvent(new Event(t))},o=t=>!(!t||"object"!=typeof t)&&(void 0!==t.jquery&&(t=t[0]),void 0!==t.nodeType),r=t=>o(t)?t.jquery?t[0]:t:"string"==typeof t&&t.length>0?document.querySelector(t):null,a=t=>{if(!o(t)||0===t.getClientRects().length)return!1;const e="visible"===getComputedStyle(t).getPropertyValue("visibility"),i=t.closest("details:not([open])");if(!i
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (50522), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):50523
                                                                                                                                                                  Entropy (8bit):5.297134171375771
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:IaOFhhR9OIFhOjfRysgLzQyVwhYyDMsWxKQ:IaOFnR2DRszQekTWUQ
                                                                                                                                                                  MD5:14272A6CDF99BDC079B8EC8097889F49
                                                                                                                                                                  SHA1:2343F9F1D29F3B034F3B8FFB7A92BFFD98A88450
                                                                                                                                                                  SHA-256:73AAA4E6BFC1DBED5F3F934710D1ADA545F4068742235E59D0CB74F0EAF0A3C4
                                                                                                                                                                  SHA-512:BD83B900ACBFB123F485F46DE1692710B7C77DE90739CA3CFAB7A58CF3B71FCD9D97FCCEC6762528886C57A41F101574209F65B2BEF745613F0BCB7D196200A5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://bat.bing.com/bat.js
                                                                                                                                                                  Preview:function UET(o){this.stringExists=function(n){return n&&n.length>0};this.domain="bat.bing.com";this.domainCl="bat.bing.net";this.URLLENGTHLIMIT=4096;this.pageLoadEvt="pageLoad";this.customEvt="custom";this.pageViewEvt="page_view";o.Ver=o.Ver!==undefined&&(o.Ver==="1"||o.Ver===1)?1:2;this.uetConfig={};this.uetConfig.consent={enabled:!1,adStorageAllowed:!0,adStorageUpdated:!1,hasWaited:!1,waitForUpdate:0,enforced:!1};this.uetConfig.tcf={enabled:!1,vendorId:1126,hasLoaded:!1,timeoutId:null,gdprApplies:undefined,adStorageAllowed:undefined,measurementAllowed:undefined,personalizationAllowed:undefined};this.uetConfig.cusig={hasLoaded:!1,timeoutId:null,blob:{}};this.beaconParams={};this.supportsCORS=this.supportsXDR=!1;this.paramValidations={string_currency:{type:"regex",regex:/^[a-zA-Z]{3}$/,error:"{p} value must be ISO standard currency code"},number:{type:"num",digits:3,max:999999999999},integer:{type:"num",digits:0,max:999999999999},hct_los:{type:"num",digits:0,max:30},date:{type:"regex",
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):371
                                                                                                                                                                  Entropy (8bit):4.600540137157355
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:2LGaUImyCp0GlYM1wBJPyQK5DrIt6xfeGYqX3ofWLGJw47Jsr4z+LAltEsVsVsVo:2ffmyCkMwykgIaoO4nsrqH9yyyv
                                                                                                                                                                  MD5:97CF0FE353C517CEA6CB3E1F2E7EDFC9
                                                                                                                                                                  SHA1:58D8EB24BFD5CA347B6A0A72894E6C8B6EAE198F
                                                                                                                                                                  SHA-256:0E0C8CEDB72A7E5A3080203509132486E267E5D1B0C5C6EAE78AC16F7928FF01
                                                                                                                                                                  SHA-512:F3D33FE997DC8FDFF9B122C208321F1DB35B2A6C2650C8EAC119A2A20FAE74874691340C3419283AE0914E5405D51E40BF787469B3A7A2B66A81A68B6E2009EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:(function(w,d,c,k,a,b,t,e) {.. var cs = d.currentScript;.. if (cs) {.. var uo = cs.getAttribute('data-ueto');.. if (uo && w[uo] && typeof w[uo].setUserSignals === 'function') {.. w[uo].setUserSignals({'co': c, 'kc': k, 'at': a, 'bi': b, 'dt': t, 'ec': e});.. }.. }..})(window, document, 'us', false, false, false, false, false);..
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):85563
                                                                                                                                                                  Entropy (8bit):5.229927593881849
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:uDCG0rTBcF/EDZeYiklEqgJUluiljTxAH4Qo97N:uWG0ysDMYikfcuAH47x
                                                                                                                                                                  MD5:2EE5206D609427C4E6856E492819A823
                                                                                                                                                                  SHA1:6553F33F849E7F8084DE9ADDCD9405B96EB1E904
                                                                                                                                                                  SHA-256:B0E8904DB7A2AD5B8A3AE50CE7A2312AED5841C4138ADDFEAE02FBA3D92F05BD
                                                                                                                                                                  SHA-512:BF5497837A66E9ED09C76F56D68A778C40EB39EC2514CD6ED43332BF366F3C065A76AC1E47ABB1011BB1D469BEF74F84124AAB584CD85F5FBFDA6AC24B585E29
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:!function(){"use strict";function e(e,t){return e+t}const{hasOwnProperty:t}={};function n(e,n){return t.call(n,e)}function i(){return(i=Object.assign||function(e){for(var t=arguments.length,i=Array(t>1?t-1:0),o=1;t>o;o++)i[o-1]=arguments[o];return i.forEach((t=>{for(const i in t)n(i,t)&&(e[i]=t[i])})),e}).apply(void 0,arguments)}function o(e){return Array.isArray(e)}function r(e){return"object"==typeof e&&null!==e&&!o(e)}function a(e){if("keys"in Object&&"function"==typeof Object.keys)return Object.keys(e);const t=[];for(const n in e)Object.prototype.hasOwnProperty.call(e,n)&&t.push(n);return t}function s(e,t){return a(t).reduce(((n,i)=>(n[i]=e(t[i]),n)),{})}function c(e){return o(e)?e.map(c):r(e)?s(c,e):e}function l(e){return o(e)?e.filter((e=>null!=e&&!Number.isNaN(e))):Object.keys(e).reduce(((t,n)=>{const i=e[n];return null==i||Number.isNaN(i)||(t[n]=i),t}),{})}function d(e,t){for(let n=0;t.length>n;n++){const i=t[n];if(e(i))return i}}function u(e,t){for(let n=t.length-1;n>=0;n--)if
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Java source, ASCII text, with very long lines (49245)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):137495
                                                                                                                                                                  Entropy (8bit):5.267322753641152
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:wFZ02FkgfhACvBctiEWJfmYShmud+jHPL4+HOwIE6P9y9CAwcn/g7jyMHbI:wFm2FPfhACiSZ4+jHPNF6PU71nYvyM7I
                                                                                                                                                                  MD5:784C5718D508CD202128224724FD1EF3
                                                                                                                                                                  SHA1:56D33BB419A5EA3D96E6F59778D1DB7703DEC43D
                                                                                                                                                                  SHA-256:3BFB8B0CB0F25C535A7822E7EDF88F1ACDED26629CF38386D5BA95BCE3AB8E21
                                                                                                                                                                  SHA-512:92BF217C36D5B9FBBE43A059CD127948FF74577BC018866E5F21413E0F369DB8ECA364750F4714274D41ADA46A6BB91E058F8FF9036538E9F8AFA4DEEB7E181B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/5.4VquQRII.chunk.js
                                                                                                                                                                  Preview:import{k as e}from"./4.C_rgEAoe.chunk.js";var t="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function n(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function r(e){if(e.__esModule)return e;var t=e.default;if("function"==typeof t){var n=function e(){return this instanceof e?Reflect.construct(t,arguments,this.constructor):t.apply(this,arguments)};n.prototype=t.prototype}else n={};return Object.defineProperty(n,"__esModule",{value:!0}),Object.keys(e).forEach((function(t){var r=Object.getOwnPropertyDescriptor(e,t);Object.defineProperty(n,t,r.get?r:{enumerable:!0,get:function(){return e[t]}})})),n}const l=e=>(t,n)=>{if(0!==t)return;let r,l;function a(e,t){1===e&&(l||r)(1,t),2===e&&(l&&l(2),r&&r(2))}e(0,(e,t)=>{if(0===e)r=t,n(0,a);else if(1===e){const e=t;l&&l(2),e(0,(e,t)=>{0===e?(l=t,l(1)):1===e?n(1,t):2===e&&t?(r&&r(2),n(2,t)):2===e&&(r?(l=void 0,r(1
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (11407), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):11417
                                                                                                                                                                  Entropy (8bit):4.806621624879621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:vVP1SaZCD0GFt/icC4j1gXctjhMeItTK17OpfY3gl98MTcSrUITBjPKwlHjwpDg4:vVP1SaZM08ocC4j1wrKcpfigz8KQITo9
                                                                                                                                                                  MD5:E54AFB0FB0B424DDF8AC2D10E7706E1F
                                                                                                                                                                  SHA1:E9521A44A02E2BAB6268AD2AC9D8B67B7DF88F7F
                                                                                                                                                                  SHA-256:540D1180609B2BCDE166D0DA3F060D0522676C8ADC1B1A5220F5890F132BE7E2
                                                                                                                                                                  SHA-512:5A7AB4AB11FD23969A0F293B2893924C986BC15F726D0791CF08720D89225D069010C5F2FB2F243F207F623E212AF59BAE3264F04A214823C78882B79ACD491E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:__lc_localization({"Add_alternative_text":"Add alternative text","Add_image_alternative_text_confirmation":"Add alternative text to the %name% image","Agents_currently_not_available":"Our agents are not available at the moment.","Agents_not_available":"Our agents are not available at the moment.","Agents_not_available_continuous":"Our agents are not available right now, but you can still send messages. We'll notify you at your email address when you get a reply.","Alt_text":"alt text","Alternative_text_description":"Alternative text is essential for people with disabilities who use screen readers","Ask_for_email_confirmation":"Thanks! You'll hear from us at:","Ask_for_email_question":"Sorry, but I won't be able to reply as soon as I thought. Please leave your email so I can get back to you later.","Assistly_ticket_created":"A support ticket has been created for your case.","Assistly_ticket_notification":"You will be emailed at %email% when it's resolved.","Attach_screenshot":"Attach a
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (2748), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2749
                                                                                                                                                                  Entropy (8bit):5.18206677945532
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:3N1GH33vE9GH9QK3cVxlvd/9ueiY+p8yy+o7il/iljDzAcGESHtgTsm:3b63vE9oOK34FdTiY+WH+YilIfzTSHtC
                                                                                                                                                                  MD5:95255E39B16955568629C75DA9D68F4C
                                                                                                                                                                  SHA1:2459035F77742DE3F708FE293C8C030D98E0E2ED
                                                                                                                                                                  SHA-256:DF6B0FFB1121F01D9D9D855C5A81AE7EAF072C08FB7B8B93214734008D912405
                                                                                                                                                                  SHA-512:7C4847C0EAB10113C0B601B6B77E3685ACDA29B482FD8C36480E2096DE4AFD8C5C0631E491285E112C67B927EA6EBCCB03023CB2950FC1E3353813167F1AE71F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:!function(){var e;function o(e){var o=(navigator.userLanguage||navigator.language).substr(0,2);return e[o]?e[o]:e.en}function t(e,o){var n;for(n in o)o.hasOwnProperty(n)&&("object"==typeof e[n]?e[n]=t(e[n],o[n]):e[n]=o[n]);return e}document.addEventListener("DOMContentLoaded",(function(){e||new cookieNoticeJS})),window.cookieNoticeJS=function(){if(void 0===e&&(e=this,document.cookie="testCookie=1",-1!=document.cookie.indexOf("testCookie")&&-1==document.cookie.indexOf("cookie_notice"))){var n,i=t({messageLocales:{it:"",en:"We use cookies to improve performance and enhance your experience. By using this website, you agree to our use of cookies.",de:"",fr:""},cookieNoticePosition:"bottom",learnMoreLinkEnabled:!0,learnMoreLinkHref:"https://www.nucleustechnologies.com/Disclaimer.html",learnMoreLinkText:{it:"Disclaimer",en:"Disclaimer",de:"Haftungsausschluss",fr:"Clause de non-responsabilit."},buttonLocales:{en:"Got it."},expiresIn:30,buttonBgColor:"#0050C7",buttonTextColor:"#ffffff",notice
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                  Entropy (8bit):4.22899518445442
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:yXa/mLfZwdt7G3ECWGPgPGSAG8jWGhvGZFW/:yX4Yt3E0o+s8ZheA
                                                                                                                                                                  MD5:AD58DC8D249BAEB34C053B99943336DF
                                                                                                                                                                  SHA1:F119BAE24970B4A431C7F63B17DBA4F1D2466D45
                                                                                                                                                                  SHA-256:6777FB38896D13D8577B0D9D7CAD220CE4D3A34C1F972F7B39F2BA04869B8B27
                                                                                                                                                                  SHA-512:6F0A10C2C82D8669402756580FCFEC548B19F4A58C4853DE4E711CD82CB27C5652ED47CA071A72BFC3FF47AB7D5D68CBE7E7C79C5DE210AC777EF5B0CE3BBF49
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (37509)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):52583
                                                                                                                                                                  Entropy (8bit):5.329695307423741
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:5nuRNGb7QhvyhHsLhYUdS4MWejjL31gWVxu:5nuR56hmXdsWe3L1e
                                                                                                                                                                  MD5:C383125E130C65726C4CFE1A74CF5F28
                                                                                                                                                                  SHA1:069617798893203A8233069714E05ADE35435D31
                                                                                                                                                                  SHA-256:12394A7A5F8F304E5EADE3E5EF7822E5BCB85D48FB91069CD6BA5A11C4CC3956
                                                                                                                                                                  SHA-512:2FD0936D128892A248C0AD29C46E07D26A14592F71E09239B8C3933DCFE540EFAC52D4485780B88CBDDEB1E3F6EB7518209AD628853FBF476CBABDB268215032
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/1.DNp4aoMv.chunk.js
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):351862
                                                                                                                                                                  Entropy (8bit):5.567262514403843
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:mgtYkDaC45bZ28fWQiHfT4kC8TMQRAK1ry96fKUU/r72//QQjLoS87oEf76pW3fZ:HcbZCQiHckC8TMQRAK1rqr7aLoSyoa71
                                                                                                                                                                  MD5:18AE818E56631C373E7D95DF6DF39D2B
                                                                                                                                                                  SHA1:2A09251F5C9410C869C089E00D3258F62DE03225
                                                                                                                                                                  SHA-256:CD656C30BBD3E2016D84E5A44BE45D221181864A060AF9618918B4A02D4F22CD
                                                                                                                                                                  SHA-512:691E3E9214033430866AAA5B471EB93DB5EDDF702786B0E426194D1F76ED169914CBA64430551C81A10F649C81ABF3E1D228D48EDFF9827CC55374FEF9E40353
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/2.CIwVMl_0.chunk.js
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 356 x 51, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9911
                                                                                                                                                                  Entropy (8bit):7.5289940462271945
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:vSqknvJNDaDraz3F9HZ9N868/IodQDxkFE1k4b+3vv+6DMRF+3ur/A:a5nrDaDOz3PTWJQodMKeiwyO6DMRF+3H
                                                                                                                                                                  MD5:D6FBF93EB66D3551C70FD45716D8902C
                                                                                                                                                                  SHA1:33432A12017E3CD662DF9B71319A0668F3C57035
                                                                                                                                                                  SHA-256:0A5F039926DCA1CE6B78F7EE476AFC3A348499FB48311AB0212F81D839774BFE
                                                                                                                                                                  SHA-512:F6377665558041FF802E164931FF4B61115B7F5553E1827888312AF78EFF3D42DB52C746BFBA7B426AFCE0EA81AECA53433CF092ABFF1E81C779C029D7F0D79B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.PNG........IHDR...d...3.......r.....pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c002 79.a6a6396, 2024/03/12-07:48:23 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 25.3 (Windows)" xmp:CreateDate="2024-01-08T16:02:18+05:30" xmp:ModifyDate="2024-05-27T15:24:39+05:30" xmp:MetadataDate="2024-05-27T15:24:39+05:30" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:ad586e42-d975-5143-bcd3-defaf0b010e4" xmpMM:DocumentID="adobe:docid:photoshop:965558e8-9b1f-294
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):534
                                                                                                                                                                  Entropy (8bit):6.941075765602815
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:fWWpn/WOxRFBDmFEqV+RGBaY1QoQk+d6jVfrMQxZt:fhp/WOxRvDmFEqV+EBJQk3xQOT
                                                                                                                                                                  MD5:B6CA4248A053F453EC0C1F0D16566262
                                                                                                                                                                  SHA1:0A478653B02564E7C0497BB9F560BF1014EB14AC
                                                                                                                                                                  SHA-256:FC72B5371278DBECB95B910B35708BD8C0404CD7B5DECE711BB7D00B0BD20DD2
                                                                                                                                                                  SHA-512:EEC523C924D80B8DE2A08FDAA4843E97659D1618CED83EAA9F7713B47D3DBA26D34A79D91CE71D25B14767F9A9F9DEE74572489E88DD45A444FD39CF86695EF3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):604
                                                                                                                                                                  Entropy (8bit):7.195736658926014
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:qoWWpnK5TqxtfJkYZym6S10H5cH8QXBriU/hdmcUMQxZt:thpKJqxtxLy8xH8QXBOU5dmcdOT
                                                                                                                                                                  MD5:AD4BD5A871F7034082975D854413FB95
                                                                                                                                                                  SHA1:8AD1502B76A77221CE85E6DF426273F701D04A65
                                                                                                                                                                  SHA-256:C2E14ECA1237D2B6057565B63A8B7F19866F1E688B1B28471227DB6B41E1A140
                                                                                                                                                                  SHA-512:C6A38E0CEA663DE1DD71BAB9F410BC9D1531B7823EEBE1BA1B87FC6289372B9E6D71ECA40F7923B097DD07A28E7B7F7CE343195FADF875D7C1BAC2FD2C09CE31
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1072
                                                                                                                                                                  Entropy (8bit):5.9979567683651815
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:m1hkyaWwh82lYSKwGA2gWX7NVuM2T37oyJ3VYN1yK0rvLqYGNpPw7:sZvnLxAFyZWvrJ3OwK0rvL5uI7
                                                                                                                                                                  MD5:8AD891CDD02D4E01CBCD2B316E2E46AB
                                                                                                                                                                  SHA1:996E19C2E0CAC789CF2B14E34386FC74B0444B33
                                                                                                                                                                  SHA-256:423ADF1E941655627B5322D5110B12E90834D2114795EDD0E04FAB1A5726C96D
                                                                                                                                                                  SHA-512:7830B4AE35F6CB2DBC68EA5D77BC8922AEF5B5CF752C14605ED243CA50F4E9699B4684502479A51E8103A0366357F6955A77A50F237CD354E5F7EB93D3760058
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.PNG........IHDR.............r..|....tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899777, 2023/06/25-23:57:14 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4d6dbc9b-7dfa-5643-b4a6-ea071d480954" xmpMM:DocumentID="xmp.did:CE85A98E5E8F11EEBA26D878899DC289" xmpMM:InstanceID="xmp.iid:CE85A98D5E8F11EEBA26D878899DC289" xmp:CreatorTool="Adobe Photoshop 25.0 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:02fc939c-7545-7642-ab37-5c36c7315307" stRef:documentID="adobe:docid:photoshop:cd972449-008f-2c42-8c02-37e33994f9b1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3S....AIDATx.b...?..
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (2748), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):2749
                                                                                                                                                                  Entropy (8bit):5.18206677945532
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:3N1GH33vE9GH9QK3cVxlvd/9ueiY+p8yy+o7il/iljDzAcGESHtgTsm:3b63vE9oOK34FdTiY+WH+YilIfzTSHtC
                                                                                                                                                                  MD5:95255E39B16955568629C75DA9D68F4C
                                                                                                                                                                  SHA1:2459035F77742DE3F708FE293C8C030D98E0E2ED
                                                                                                                                                                  SHA-256:DF6B0FFB1121F01D9D9D855C5A81AE7EAF072C08FB7B8B93214734008D912405
                                                                                                                                                                  SHA-512:7C4847C0EAB10113C0B601B6B77E3685ACDA29B482FD8C36480E2096DE4AFD8C5C0631E491285E112C67B927EA6EBCCB03023CB2950FC1E3353813167F1AE71F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/ntjs/cookie.notice.js
                                                                                                                                                                  Preview:!function(){var e;function o(e){var o=(navigator.userLanguage||navigator.language).substr(0,2);return e[o]?e[o]:e.en}function t(e,o){var n;for(n in o)o.hasOwnProperty(n)&&("object"==typeof e[n]?e[n]=t(e[n],o[n]):e[n]=o[n]);return e}document.addEventListener("DOMContentLoaded",(function(){e||new cookieNoticeJS})),window.cookieNoticeJS=function(){if(void 0===e&&(e=this,document.cookie="testCookie=1",-1!=document.cookie.indexOf("testCookie")&&-1==document.cookie.indexOf("cookie_notice"))){var n,i=t({messageLocales:{it:"",en:"We use cookies to improve performance and enhance your experience. By using this website, you agree to our use of cookies.",de:"",fr:""},cookieNoticePosition:"bottom",learnMoreLinkEnabled:!0,learnMoreLinkHref:"https://www.nucleustechnologies.com/Disclaimer.html",learnMoreLinkText:{it:"Disclaimer",en:"Disclaimer",de:"Haftungsausschluss",fr:"Clause de non-responsabilit."},buttonLocales:{en:"Got it."},expiresIn:30,buttonBgColor:"#0050C7",buttonTextColor:"#ffffff",notice
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                  Entropy (8bit):4.1240244208650205
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:TMQm9XAdVMRUpFZwn:ABmgU1wn
                                                                                                                                                                  MD5:D541CE2D754402B833CC65B76EAEA2C6
                                                                                                                                                                  SHA1:C36A92A0F5CEF497CE42B1E8B4C72C8D9BD3786B
                                                                                                                                                                  SHA-256:80353503E48EBF6C2AE9F70184D3E758F64BACF48AFE147E039DF807509200CB
                                                                                                                                                                  SHA-512:F8CD5CC49F9276C580419958BF312EE0A311194FD41D116EE709E56401D769511700031EC9F3E6151F8DA6B7E13B16E374A231E31CB00B92413CE5C751C2A0B6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/9.qYTqns9Q.chunk.js
                                                                                                                                                                  Preview:function n(n){return!!n}export{n as i};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (7449), with CRLF line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):28591
                                                                                                                                                                  Entropy (8bit):5.082179316246573
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:3pI629AvuXJP5cxUmAuitEycZj2DF1VXlUyfTh/ezHpWGMIVXapJXP9:ZkqvMJhWsDrPdlUyfTJez16
                                                                                                                                                                  MD5:D95C88A36A6F15E3540CDCB34DF69BF8
                                                                                                                                                                  SHA1:93E2D356D35B118CC6BBDCCDD81A822B36C84CB8
                                                                                                                                                                  SHA-256:6C5801AB2B089F8D80E71C89D6CEF4E6EA9AED6DAA368FC8D2E5F8EF05EF1F50
                                                                                                                                                                  SHA-512:9D290B05063E7A724399A811CC7C958999961D19F666BF155EEC518C4BD0AC9E3CE39EA22924FFBA1BFA1AA17F114A304980F7CE6665795DDBC70DE268AE4A85
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/cssnew/menu-update-2023.css
                                                                                                                                                                  Preview:html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:rgba(0,0,0,0);}body{margin:0;line-height:1.42857143;color:#000;background-color:#fff;}header,nav{display:block;}a{background-color:transparent;}a:active,a:hover{outline:0;}b,strong{font-weight:700;}img{border:0;}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0;}button,input{color:inherit;font:inherit;margin:0;}button{overflow:visible;text-transform:none;-webkit-appearance:button;cursor:pointer;}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0;}input{line-height:normal;}@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important;}a,a:visited{text-decoration:underline;}a[href]:after{content:" (" attr(href) ")";}a[href^="#"]:after,a[href^="javascript:"]:after{content:"";}img{page-break-inside:avoid;max-width:100%!important;}h3,p{orphans:
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (37509)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):52583
                                                                                                                                                                  Entropy (8bit):5.329695307423741
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:5nuRNGb7QhvyhHsLhYUdS4MWejjL31gWVxu:5nuR56hmXdsWe3L1e
                                                                                                                                                                  MD5:C383125E130C65726C4CFE1A74CF5F28
                                                                                                                                                                  SHA1:069617798893203A8233069714E05ADE35435D31
                                                                                                                                                                  SHA-256:12394A7A5F8F304E5EADE3E5EF7822E5BCB85D48FB91069CD6BA5A11C4CC3956
                                                                                                                                                                  SHA-512:2FD0936D128892A248C0AD29C46E07D26A14592F71E09239B8C3933DCFE540EFAC52D4485780B88CBDDEB1E3F6EB7518209AD628853FBF476CBABDB268215032
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:import{k as e}from"./4.C_rgEAoe.chunk.js";import{u as t,y as n,z as i,R as r,A as o,L as a,C as s,D as l,E as c,F as u,G as d,H as p,I as f,J as m,K as h,M as g,N as y,O as v,P as w,w as b,S as k,T as x,U as S,V as E,W as I,X as z,q as _,Y as C,Z as F,o as P,p as A,_ as O,$ as T,j as M,a0 as D,a1 as N,a2 as L,a3 as R,a4 as V,a5 as W,a6 as j,a7 as q,a8 as G,a9 as U,aa as H,ab as B,ac as $,ad as J,ae as Z,af as Y,ag as X,ah as K,B as Q}from"./3.BbDRrKd8.chunk.js";import{g as ee,a as te,d as ne}from"./6.D_CKFAbE.chunk.js";import{g as ie,b as re,d as oe,c as ae,m as se,l as le,f as ce,t as ue,a as de,n as pe,o as fe,r as me,e as he,h as ge,i as ye}from"./5.4VquQRII.chunk.js";import{m as ve,p as we,e as be,h as ke,f as xe,i as Se,j as Ee,k as Ie,l as ze,n as _e,r as Ce,u as Fe,C as Pe,o as Ae,q as Oe,t as Te,v as Me,w as De,x as Ne,y as Le,R as Re,z as Ve,B as We}from"./2.CIwVMl_0.chunk.js";import{d as je}from"./12.Gv78iMd6.chunk.js";import{i as qe}from"./13.DJPUQwQu.chunk.js";const Ge={};c
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):5490
                                                                                                                                                                  Entropy (8bit):5.434978588073591
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:AOOEalwOOEaZFZOhOOEaMOOEahVc+udOOEaSZNAOOxMalwOOxMaZFZOhOOxMaMOi:YloQTEtmS+lSQ1OtcSIlUQXYtKST
                                                                                                                                                                  MD5:CF9D98B5EAF83F41DA88BA33155F4486
                                                                                                                                                                  SHA1:6DE2EF8C6776D0C588655EE709995FC2FC6BDEE0
                                                                                                                                                                  SHA-256:CBB999307A9FD1D7AA51B3277092CAF92B2150D4876176222877D3335857FA20
                                                                                                                                                                  SHA-512:0B3D7332FB2F1E03EF5A980DA85948C5D4A709E005EF839D5C981357CB49182D1B63081A977BE166D14511C79823037E905BCFEE3E675721D09680E1F6DAAB26
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600;800&display=swap
                                                                                                                                                                  Preview:/* cyrillic-ext */.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* vietnamese */.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):194427
                                                                                                                                                                  Entropy (8bit):5.572542961368681
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:I9rozcDigPLQxwU1e6DcDilLx79NkCqj2VSc5EK57NnpZsn/AultmKdZw1OoSs31:IwcXPcx3DIilxJNB57a4gYzfpKTeM0vB
                                                                                                                                                                  MD5:B368368CE675FD635D171B51DE739426
                                                                                                                                                                  SHA1:6AC22738406FAF9AB359378F25F1753C0702F505
                                                                                                                                                                  SHA-256:1C4C0E2C0C49590E5451B44941281DD672FDB315037ACD573FDA989AC1A345CC
                                                                                                                                                                  SHA-512:EC139C1B73A7CE65F9591ADD40D01853D437DA8CEAE1B9648A95F15BF2CD061EDB400FCE80BB1615E7094EC1067C163F4BC86A8471C055CD171D6DE467CC597A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/3.BbDRrKd8.chunk.js
                                                                                                                                                                  Preview:import{k as e}from"./4.C_rgEAoe.chunk.js";import{g as t,z as r,v as n,u as a,n as i,q as o,r as s,R as u,e as l,A as c,h as d,p,f as h,B as f,w as g,C as m,t as _,D as b,E as v,s as D,F as y,l as w,j as C,G as E,a as k,_ as A,H as F,I as x,k as I,c as S,J as T,i as B}from"./5.4VquQRII.chunk.js";import{a as z,g as P,c as M,b as O,h as j,d as R,t as q}from"./6.D_CKFAbE.chunk.js";var $="__test_storage_support__",N=function(e){void 0===e&&(e="local");try{var t="session"===e?window.sessionStorage:window.localStorage;return t.setItem($,"@@test"),"@@test"!==t.getItem($)?!1:(t.removeItem($),!0)}catch(r){return!1}},U=function(){var e=Object.create(null);return{getItem:function(t){var r=e[t];return"string"==typeof r?r:null},setItem:function(t,r){e[t]=r},removeItem:function(t){delete e[t]},clear:function(){e=Object.create(null)}}}();const L=t(e=>(t,r)=>{if(0!==t)return;if("function"!=typeof e)return r(0,()=>{}),void r(2);let n,a=!1;r(0,e=>{a||(a=2===e,a&&"function"==typeof n&&n())}),a||(n=e(e=>{a
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (50522), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):50523
                                                                                                                                                                  Entropy (8bit):5.297134171375771
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:IaOFhhR9OIFhOjfRysgLzQyVwhYyDMsWxKQ:IaOFnR2DRszQekTWUQ
                                                                                                                                                                  MD5:14272A6CDF99BDC079B8EC8097889F49
                                                                                                                                                                  SHA1:2343F9F1D29F3B034F3B8FFB7A92BFFD98A88450
                                                                                                                                                                  SHA-256:73AAA4E6BFC1DBED5F3F934710D1ADA545F4068742235E59D0CB74F0EAF0A3C4
                                                                                                                                                                  SHA-512:BD83B900ACBFB123F485F46DE1692710B7C77DE90739CA3CFAB7A58CF3B71FCD9D97FCCEC6762528886C57A41F101574209F65B2BEF745613F0BCB7D196200A5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function UET(o){this.stringExists=function(n){return n&&n.length>0};this.domain="bat.bing.com";this.domainCl="bat.bing.net";this.URLLENGTHLIMIT=4096;this.pageLoadEvt="pageLoad";this.customEvt="custom";this.pageViewEvt="page_view";o.Ver=o.Ver!==undefined&&(o.Ver==="1"||o.Ver===1)?1:2;this.uetConfig={};this.uetConfig.consent={enabled:!1,adStorageAllowed:!0,adStorageUpdated:!1,hasWaited:!1,waitForUpdate:0,enforced:!1};this.uetConfig.tcf={enabled:!1,vendorId:1126,hasLoaded:!1,timeoutId:null,gdprApplies:undefined,adStorageAllowed:undefined,measurementAllowed:undefined,personalizationAllowed:undefined};this.uetConfig.cusig={hasLoaded:!1,timeoutId:null,blob:{}};this.beaconParams={};this.supportsCORS=this.supportsXDR=!1;this.paramValidations={string_currency:{type:"regex",regex:/^[a-zA-Z]{3}$/,error:"{p} value must be ISO standard currency code"},number:{type:"num",digits:3,max:999999999999},integer:{type:"num",digits:0,max:999999999999},hct_los:{type:"num",digits:0,max:30},date:{type:"regex",
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                  Entropy (8bit):2.7773627950641693
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:qVZPV:qzd
                                                                                                                                                                  MD5:C83301425B2AD1D496473A5FF3D9ECCA
                                                                                                                                                                  SHA1:941EFB7368E46B27B937D34B07FC4D41DA01B002
                                                                                                                                                                  SHA-256:B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
                                                                                                                                                                  SHA-512:83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://td.doubleclick.net/td/rul/1057256791?random=1727796422723&cv=11&fst=1727796422723&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&ct_cookie_present=0
                                                                                                                                                                  Preview:<html></html>
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):300
                                                                                                                                                                  Entropy (8bit):4.767327594033679
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:rsIOjD2xPnFJsklTiTcyElusuUhf7A4uz9OQznW1wn:r+jD2x9Js9cXAsuUhluz0vw
                                                                                                                                                                  MD5:640CAAB52100A1E9DFE618AAEB79838F
                                                                                                                                                                  SHA1:4654776A82E5405614A595D40CB33CA2B5BAE0B5
                                                                                                                                                                  SHA-256:FB8EB817D7251014C136B441BD4004FA6567908059013EDBB938925F23B67CEB
                                                                                                                                                                  SHA-512:17D605182BE517C5E797B2FD823B9AB7B6BD73D97BD2C3D11C5EB29D108CD350D789116528E351ABAEBDF3654CC65100B9E3353064BA38C9AB9008126C6A3061
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/13.DJPUQwQu.chunk.js
                                                                                                                                                                  Preview:const n=n=>{var e,l,o;const i=null==n?void 0:n.openaiIntegration;return Boolean((null==i?void 0:i.enabled)&&(null==i||null==(e=i.properties)?void 0:e.assistantId)&&!(null!=i&&null!=(l=i.properties)&&l.quotaExceeded)&&!(null!=i&&null!=(o=i.properties)&&o.hasInsufficientPermissions))};export{n as i};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1241), with CRLF line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):57193
                                                                                                                                                                  Entropy (8bit):5.398955826529645
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:sPtrlsXYcCtoQaQ7YQ9rqCwxlWDuyNVNy3RHm4X:sPt2IcCtoQa/Q9rqCwxlWDH83RHTX
                                                                                                                                                                  MD5:85F03321DDCD3800C910DC40A40BE35E
                                                                                                                                                                  SHA1:D1C697EC0337B44B0A71B0DB2A481233E73BC2BA
                                                                                                                                                                  SHA-256:554D11C4B692DE31CEA0ACC7C7D2939A7D130395034B9DE52A2805186BE785A1
                                                                                                                                                                  SHA-512:5C6F47F0EE8F74D127AE0E9F41097BEC1A21F1880C22A5D167EEDF281D12CE8A098190DC5BCCFE433909A6C8F6D22563134F6C290477235C50F45A3D0F312AAF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Preview:<!DOCTYPE html>..<html lang="en">..<head>..<meta charset="utf-8">..<title>Thank you for installing Kernel Outlook PST Viewer Free</title>..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta name="description" content="">..<meta name="keywords" content="">..<meta name="robots" content="noindex, nofollow">..<link rel="preload" as="font" href="https://www.nucleustechnologies.com/cssnew/fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin="anonymous">..<link rel="preload" href="https://www.nucleustechnologies.com/cssnew/freeware-download.css" as="style" onload="this.rel='stylesheet'">...<link rel="preload" href="https://www.nucleustechnologies.com/cssnew/menu-update-2023.css" as="style" onload="this.rel='stylesheet'">..<link rel="stylesheet" type="text/css" href="https://www.nucleustechnologies.com/cssnew/freeware-download.css"> ..<link rel="stylesheet" type="text/css" href="https://www.nucleustechnologies.com/cssnew/menu-update-2023.css"> ..<link rel
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Java source, ASCII text, with very long lines (49245)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):137495
                                                                                                                                                                  Entropy (8bit):5.267322753641152
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:wFZ02FkgfhACvBctiEWJfmYShmud+jHPL4+HOwIE6P9y9CAwcn/g7jyMHbI:wFm2FPfhACiSZ4+jHPNF6PU71nYvyM7I
                                                                                                                                                                  MD5:784C5718D508CD202128224724FD1EF3
                                                                                                                                                                  SHA1:56D33BB419A5EA3D96E6F59778D1DB7703DEC43D
                                                                                                                                                                  SHA-256:3BFB8B0CB0F25C535A7822E7EDF88F1ACDED26629CF38386D5BA95BCE3AB8E21
                                                                                                                                                                  SHA-512:92BF217C36D5B9FBBE43A059CD127948FF74577BC018866E5F21413E0F369DB8ECA364750F4714274D41ADA46A6BB91E058F8FF9036538E9F8AFA4DEEB7E181B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:import{k as e}from"./4.C_rgEAoe.chunk.js";var t="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function n(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function r(e){if(e.__esModule)return e;var t=e.default;if("function"==typeof t){var n=function e(){return this instanceof e?Reflect.construct(t,arguments,this.constructor):t.apply(this,arguments)};n.prototype=t.prototype}else n={};return Object.defineProperty(n,"__esModule",{value:!0}),Object.keys(e).forEach((function(t){var r=Object.getOwnPropertyDescriptor(e,t);Object.defineProperty(n,t,r.get?r:{enumerable:!0,get:function(){return e[t]}})})),n}const l=e=>(t,n)=>{if(0!==t)return;let r,l;function a(e,t){1===e&&(l||r)(1,t),2===e&&(l&&l(2),r&&r(2))}e(0,(e,t)=>{if(0===e)r=t,n(0,a);else if(1===e){const e=t;l&&l(2),e(0,(e,t)=>{0===e?(l=t,l(1)):1===e?n(1,t):2===e&&t?(r&&r(2),n(2,t)):2===e&&(r?(l=void 0,r(1
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (306)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):307
                                                                                                                                                                  Entropy (8bit):4.79870183908231
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:AP4m8+ERIT5CY3+RrgDLQRSUrjCl95Z+7K/Yrcha0qkRD2QwAyETsYAdiOD:APyZI1CY3wEFUrkZmKw70f2OyETsbD
                                                                                                                                                                  MD5:A611E384114CEB76E510A16B37F9738C
                                                                                                                                                                  SHA1:B0F870C2E48579C20693ADE91E76B1687EB51883
                                                                                                                                                                  SHA-256:40DC48349BC43C0444A7C11AEE8FAFB09DF8809D1DCDB7B664D69E48A097FF6A
                                                                                                                                                                  SHA-512:898D0E3D35B79685F9DC130F159DD3F2CE9AF823DFCAEDCA76BF8BCF62C4885586E71BB99FB39D050A46F5A63970792DA459767166C9276DBCE180CCF92971F6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function t(t,n){let e,o=Date.now()-2*t;const r=function(){return o=Date.now(),n(...arguments)},a=()=>clearTimeout(e),c=function(){const n=Date.now();n-o>=t&&(o=Date.now()),a();for(var c=arguments.length,u=new Array(c),i=0;i<c;i++)u[i]=arguments[i];e=setTimeout(r,o-n+t,...u)};return c.cancel=a,c}export{t};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):194427
                                                                                                                                                                  Entropy (8bit):5.572542961368681
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:I9rozcDigPLQxwU1e6DcDilLx79NkCqj2VSc5EK57NnpZsn/AultmKdZw1OoSs31:IwcXPcx3DIilxJNB57a4gYzfpKTeM0vB
                                                                                                                                                                  MD5:B368368CE675FD635D171B51DE739426
                                                                                                                                                                  SHA1:6AC22738406FAF9AB359378F25F1753C0702F505
                                                                                                                                                                  SHA-256:1C4C0E2C0C49590E5451B44941281DD672FDB315037ACD573FDA989AC1A345CC
                                                                                                                                                                  SHA-512:EC139C1B73A7CE65F9591ADD40D01853D437DA8CEAE1B9648A95F15BF2CD061EDB400FCE80BB1615E7094EC1067C163F4BC86A8471C055CD171D6DE467CC597A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:import{k as e}from"./4.C_rgEAoe.chunk.js";import{g as t,z as r,v as n,u as a,n as i,q as o,r as s,R as u,e as l,A as c,h as d,p,f as h,B as f,w as g,C as m,t as _,D as b,E as v,s as D,F as y,l as w,j as C,G as E,a as k,_ as A,H as F,I as x,k as I,c as S,J as T,i as B}from"./5.4VquQRII.chunk.js";import{a as z,g as P,c as M,b as O,h as j,d as R,t as q}from"./6.D_CKFAbE.chunk.js";var $="__test_storage_support__",N=function(e){void 0===e&&(e="local");try{var t="session"===e?window.sessionStorage:window.localStorage;return t.setItem($,"@@test"),"@@test"!==t.getItem($)?!1:(t.removeItem($),!0)}catch(r){return!1}},U=function(){var e=Object.create(null);return{getItem:function(t){var r=e[t];return"string"==typeof r?r:null},setItem:function(t,r){e[t]=r},removeItem:function(t){delete e[t]},clear:function(){e=Object.create(null)}}}();const L=t(e=>(t,r)=>{if(0!==t)return;if("function"!=typeof e)return r(0,()=>{}),void r(2);let n,a=!1;r(0,e=>{a||(a=2===e,a&&"function"==typeof n&&n())}),a||(n=e(e=>{a
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (4269)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):283941
                                                                                                                                                                  Entropy (8bit):5.546107843777392
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:LxFkUeQ65WHnTtJKQK0+FdOhOJjt+/Kjrv+aUP3m6NIh7RCEtzl2+4jReFSlU:9n+yT7qsGjrvzjCIhlCOzl2+4jSH
                                                                                                                                                                  MD5:E08C67B0BE48B27C6B674947140BA2A8
                                                                                                                                                                  SHA1:A13EE04E12784C9DD3CD1D3E8B03AE07DA05DA93
                                                                                                                                                                  SHA-256:B82AB5365451B276A51DA64239277B67E54E67D03B5AA85385B3A95C9ED8D02C
                                                                                                                                                                  SHA-512:C902C53A0285137B259B0F3841095B2DAFAF3C10C96F4C1C26CBDE5ED417E42AA1B3A0EE03F868F98DFE89B475497BB65C6B61B47E370B1AB0F8570B45AA419A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.googletagmanager.com/gtag/destination?id=AW-1057256791&l=dataLayer&cx=c
                                                                                                                                                                  Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_ads_datatos","priority":15,"vtp_instanceDestinationId":"AW-1057256791","tag_id":15},{"function":"__ogt_cps","priority":5,"vtp_cpsMode":"ALL","tag_id":8},{"function":"__ogt_1p_data_v2","priority":5,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):604
                                                                                                                                                                  Entropy (8bit):7.195736658926014
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:qoWWpnK5TqxtfJkYZym6S10H5cH8QXBriU/hdmcUMQxZt:thpKJqxtxLy8xH8QXBOU5dmcdOT
                                                                                                                                                                  MD5:AD4BD5A871F7034082975D854413FB95
                                                                                                                                                                  SHA1:8AD1502B76A77221CE85E6DF426273F701D04A65
                                                                                                                                                                  SHA-256:C2E14ECA1237D2B6057565B63A8B7F19866F1E688B1B28471227DB6B41E1A140
                                                                                                                                                                  SHA-512:C6A38E0CEA663DE1DD71BAB9F410BC9D1531B7823EEBE1BA1B87FC6289372B9E6D71ECA40F7923B097DD07A28E7B7F7CE343195FADF875D7C1BAC2FD2C09CE31
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/soc001.webp
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):351862
                                                                                                                                                                  Entropy (8bit):5.567262514403843
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:mgtYkDaC45bZ28fWQiHfT4kC8TMQRAK1ry96fKUU/r72//QQjLoS87oEf76pW3fZ:HcbZCQiHckC8TMQRAK1rqr7aLoSyoa71
                                                                                                                                                                  MD5:18AE818E56631C373E7D95DF6DF39D2B
                                                                                                                                                                  SHA1:2A09251F5C9410C869C089E00D3258F62DE03225
                                                                                                                                                                  SHA-256:CD656C30BBD3E2016D84E5A44BE45D221181864A060AF9618918B4A02D4F22CD
                                                                                                                                                                  SHA-512:691E3E9214033430866AAA5B471EB93DB5EDDF702786B0E426194D1F76ED169914CBA64430551C81A10F649C81ABF3E1D228D48EDFF9827CC55374FEF9E40353
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:import{aG as e,aH as t,S as n,ar as r,aw as o,aI as a,aJ as i,aK as s,aL as u,aM as l,aN as c,aO as d,aP as p,aQ as m,z as f,aR as h,aS as g,aT as D,aU as v,aV as b,aW as y,aX as x,aY as C,aZ as E,a_ as w,a$ as F,b0 as k,A as S,b1 as T,b2 as B,b3 as A,b4 as L,b5 as P,b6 as M,b7 as O,b8 as I,b9 as R,ba as z,bb as _,bc as j,bd as N,be as V,bf as W,bg as U,bh as H,r as q,bi as G,bj as K,O as Z,bk as Y,bl as $,bm as J,bn as X,bo as Q,M as ee,bp as te,bq as ne,br as re,bs as oe,bt as ae,bu as ie,bv as se,bw as ue,w as le,P as ce,bx as de,by as pe,bz as me,bA as fe,bB as he,am as ge,bC as De,al as ve,ad as be,bD as ye,bE as xe,aF as Ce,L as Ee,i as we,W as Fe,bF as ke,bG as Se,bH as Te,bI as Be,bJ as Ae,bK as Le,bL as Pe,ap as Me,bM as Oe,bN as Ie,bO as Re,bP as ze,a as _e,v as je,bQ as Ne,bR as Ve,aq as We,bS as Ue,bT as He,bU as qe,bV as Ge,as as Ke,bW as Ze,an as Ye,Z as $e,av as Je,a1 as Xe,bX as Qe,bY as et,bZ as tt,b_ as nt,b$ as rt,c0 as ot,c1 as at,c2 as it,c3 as st,u as ut,c4 as lt,
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):193
                                                                                                                                                                  Entropy (8bit):4.735614936279919
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:Ah7uyqMVHB9QrFNXNGAH7KHqLWt8o1Xr1GYBOSvn:A4yqOqF3mQixKSvn
                                                                                                                                                                  MD5:1771376DC07DA48B3F03339D86D57B7B
                                                                                                                                                                  SHA1:A5861EBFFF23A92CCD1CE6B8A517B6F877D50A63
                                                                                                                                                                  SHA-256:6E148DF31D721A0FF08563F2D676751786E01418C86EE54EE8F0E88AA46AE26A
                                                                                                                                                                  SHA-512:6038EFED0774FD61C7BF6558D3EA24CCEBFADA1041FA2C1606263A19F8700043A18F6E368ED550FC61F644EB7B81F8CAC01498F30CC56A103295911B28E436B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function t(t){if("keys"in Object&&"function"==typeof Object.keys)return Object.keys(t);const e=[];for(const n in t)Object.prototype.hasOwnProperty.call(t,n)&&e.push(n);return e}export{t as k};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (4852), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):4852
                                                                                                                                                                  Entropy (8bit):5.00288156247875
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:CRW/1RupyFJhQ08YZWP/wXtJJJ+Yki1KwY9P/vCLg:vTJFJis2vbQKJxKM
                                                                                                                                                                  MD5:1F4BC85A5DD547C1F19541D6AC58A9CA
                                                                                                                                                                  SHA1:7D3CB81EC588439F76BFE1B01684AA8853055E41
                                                                                                                                                                  SHA-256:6BED97D1FEC9D29A0D611F5CD17E88C939E154FDB99040D48F2DDEE6138BBA75
                                                                                                                                                                  SHA-512:BA24C2BB1897CCF9EEED1B58FEE4FB5316A1DAF5F0C49CADEE896570C8BA71EAC5CD7AAA4BFD548D28392C0A55821A20DFD252C3919EB19A02B8ED1C8A39172C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:__lc_static_config({"buttons":[{"id":"6f8eb39a2d","type":"text","online_value":"Live chat now","offline_value":"Leave us a message"},{"id":"93851e831f","type":"image","online_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_online007.png","offline_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_offline007.png"},{"id":"ea2741ba0f","type":"image","online_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_online003.png","offline_value":"cdn.livechat-files.com/api/file/lc/main/default/buttons/button_offline003.png"}],"prechat_form":{"id":"169527612523205756","fields":[{"id":"16952761252320117","type":"header","label":"Welcome to Kernel Data Recovery! Please complete the form below to chat with our Product Specialist."},{"id":"169527612523209351","type":"name","label":"Name:","required":false},{"id":"169527612523203973","type":"email","label":"E-mail:","required":false},{"id":"169527612523208965","type":"question","label":"Pho
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):33092
                                                                                                                                                                  Entropy (8bit):7.993894754675653
                                                                                                                                                                  Encrypted:true
                                                                                                                                                                  SSDEEP:768:c+2lFKscxQAuDJ5m/xiYEQNMJjFaf0TteqKt:cZlhcxJuDa/xiMMJhaItzKt
                                                                                                                                                                  MD5:057478083C1D55EA0C2182B24F6DD72F
                                                                                                                                                                  SHA1:CAF557CD276A76992084EFC4C8857B66791A6B7F
                                                                                                                                                                  SHA-256:BB2F90081933C0F2475883CA2C5CFEE94E96D7314A09433FFFC42E37F4CFFD3B
                                                                                                                                                                  SHA-512:98FF4416DB333E5A5A8F8F299C393DD1A50F574A2C1C601A0724A8EA7FB652F6EC0BA2267390327185EBEA55F5C5049AB486D88B4C5FC1585A6A975238507A15
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):231
                                                                                                                                                                  Entropy (8bit):4.922816391433227
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:AjDLauQDLAaDt5NPhAXk0usMWWXoPfTESWEVgUOvn:AjXaPXAIt5NPaXk3WhHTEHEIvn
                                                                                                                                                                  MD5:C77C70C8570694D5E20553711A6D1B28
                                                                                                                                                                  SHA1:72E8A99D408CCA32977B7C54D2210D53188E94E7
                                                                                                                                                                  SHA-256:BC125921B5E4DDE1C19D4FBC0A6EF3EA616EEE9577822C96B29789B7F69BA5FD
                                                                                                                                                                  SHA-512:7E955D05ED7C1D8637B00590FBD00E61B5458AA185A87AD983780333BFC93322F40359D0FCD27B73DF82E70E765FBE15C10D6707EAB659B84CEC6AF5C57078E9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/14.Du4z9uvj.chunk.js
                                                                                                                                                                  Preview:function n(){return(n=Object.assign?Object.assign.bind():function(n){for(var r=1;r<arguments.length;r++){var a=arguments[r];for(var t in a)({}).hasOwnProperty.call(a,t)&&(n[t]=a[t])}return n}).apply(null,arguments)}export{n as _};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 146 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):10398
                                                                                                                                                                  Entropy (8bit):7.884853187984436
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:9ESLknuemVvVB2LQQ9ThBa+Sva7+lgxIIjscNBqyW6e4tgsr0WKfDRmD6Vl:5gnV2vDWQyThQ+S9KscPbpcDED6j
                                                                                                                                                                  MD5:3BB62209BC927C9A924A58B8633F8131
                                                                                                                                                                  SHA1:9809A2A26F5A67381D8C9C8CBC71576ED94924FB
                                                                                                                                                                  SHA-256:1D823B990728D79CCE5434A2E0A13165467F8363FD427E1CB102418B58989A68
                                                                                                                                                                  SHA-512:ECE3BEAB4E10682BD973CC8E5272018A660925401249AF1349AFAAE9E79AA84C4BED7A06D3C9614355492493E0966319779870A556865CDCFAB5219FCBB8EF17
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/cli-3.png
                                                                                                                                                                  Preview:.PNG........IHDR.......(......*......pHYs................1iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 25.0 (Windows)" xmp:CreateDate="2023-10-23T11:09:43+05:30" xmp:ModifyDate="2023-10-23T16:45:56+05:30" xmp:MetadataDate="2023-10-23T16:45:56+05:30" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:63bbb7c6-354d-3748-bad4-c8ddd5ed15fa" xmpMM:DocumentID="adobe:docid:photoshop:4217bcd8-7780-a54b-bf79-59f7ebc0ea68" xmpMM:OriginalDocumentID="xmp.did:b343eb
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Java source, ASCII text, with very long lines (493)
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):494
                                                                                                                                                                  Entropy (8bit):5.24306508214734
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:yg/wY8YW0DtCNi/0zSbTA5Ie080dwq0Ry5pj5GHs:yhAJtCscVL4wLyb
                                                                                                                                                                  MD5:08D450EB5FA33B1EF4F2F95CFC979747
                                                                                                                                                                  SHA1:DBEA01CB365AA9C0E675D142BD9D3D8F054AD743
                                                                                                                                                                  SHA-256:C08170DC6AC01EF19E7A421EB9B0DC26DE1462846A74F915ACB546AF2B70CF5B
                                                                                                                                                                  SHA-512:A897D86591177A72863B1740C71C9820CBDEEA8D6DD4AC6954AF9444A8F6EEAF4F76A237475E8756E05DC38C40C3B2CCC76A505ABF92EB44BA1688281B2C18CD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:import m from"./0.rxteIwke.chunk.js";import{i as o}from"./1.DNp4aoMv.chunk.js";import{g as r}from"./2.CIwVMl_0.chunk.js";import"./3.BbDRrKd8.chunk.js";import"./4.C_rgEAoe.chunk.js";import"./5.4VquQRII.chunk.js";import"./6.D_CKFAbE.chunk.js";import"./7.Bla8Tg3n.chunk.js";import"./8.xhyEK0_l.chunk.js";import"./9.qYTqns9Q.chunk.js";import"./10.DNvb5pV8.chunk.js";import"./11.BkaKKHPv.chunk.js";import"./12.Gv78iMd6.chunk.js";import"./13.DJPUQwQu.chunk.js";import"./14.Du4z9uvj.chunk.js";o(m,r);.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (3259), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3259
                                                                                                                                                                  Entropy (8bit):5.17462973446332
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:D/YXhrV0jAkspw8C0r0tVfvBXPkgPiH+Oxto+OxnoKAHMA2ox5A6tZBCIUW0U/YC:D/WVyjtseqwHfdxqKEMATv9Cf8l
                                                                                                                                                                  MD5:B572DEF2BF153F5821A16BED9BDDF9F2
                                                                                                                                                                  SHA1:3DAE55B4612B306C0D817096F01F5DE071AABC51
                                                                                                                                                                  SHA-256:66159B04D61FEF7A01D76AB4C9113FA60BCCCD40F6FD9AF1456CD7E4EAC3752B
                                                                                                                                                                  SHA-512:4A2A302EA3965F2B7A8661779F18313408C4BB22CB0F51458C4F78ADFF616002B97AF0C146A68C20BE08904988C6234D89187824F31BD28AA7DA55C42259DD30
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:var improvely=function(){var e=1,n="",o="",i=function(e,n,o){var i=e,t=new Date;t.setDate(t.getDate()+o);var r=i+"="+escape(n);null!=o&&(r+="; expires="+t.toUTCString()),r+="; path=/; SameSite=Lax",document.cookie=r},t=function(e){var n=e;return document.cookie.length>0&&(c_start=document.cookie.indexOf(n+"="),-1!=c_start)?(c_start=c_start+n.length+1,c_end=document.cookie.indexOf(";",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))):null},r=function(e){return window.encodeURIComponent?encodeURIComponent(e):escape(e)},c=function(e){setTimeout(function(){var o=document.createElement("script");o.type="text/javascript",o.src="https://"+n+".iljmp.com"+e+"&rand="+Math.round(1e3*Math.random()),o.async=!0;var i=document.getElementsByTagName("script")[0];i.parentNode.insertBefore(o,i)},1)},a=function(){for(var e,n={},o=location.search.substring(1),i=/([^&=]+)=([^&]*)/g;e=i.exec(o);)n[decodeURIComponent(e[1])]=decodeURIComponent(e[2]);return n
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):650
                                                                                                                                                                  Entropy (8bit):7.16410425535812
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:rWWpnkPXftyrqdhcUJPJpiZf5HixzLyy2G+Re/KrXwJRBxz1TIRQjkqYbLBMQxZt:rhpUf1GUbirHixzLIGUgJRBxzdzBYP24
                                                                                                                                                                  MD5:9C0C39E27EF1FED30AB01BE22EAE4EA0
                                                                                                                                                                  SHA1:9E1D5E7AE501D58A5AC783D6D8638A65DCB8FA02
                                                                                                                                                                  SHA-256:7A6E037558750389A5C1189835A8313610ECA18963F47B29758899136E951C06
                                                                                                                                                                  SHA-512:DE59E06866C6F60B55BC894483B4DAB6E7181FC16A5630AC78C36280A4484A59B91A45CEB719B0C3EBC64D634929D37CE538FBF2E4C189434FE4FCFB025744D5
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 8 x 5, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1069
                                                                                                                                                                  Entropy (8bit):6.07241463176548
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:m1hTWwh82lYSKwRkKRwVLWT3zyJ3V1h7lhJGW2oZuX0I:s4vnLCXwoqJ3Hh2cut
                                                                                                                                                                  MD5:F4C4999A6D759768618EE345C1889501
                                                                                                                                                                  SHA1:30F1410A97847EE6B2131523679642270376FF59
                                                                                                                                                                  SHA-256:BE95EB090845E93DADB0B13F1EE083D2AAB010667535D9618B1CC955BC1F326B
                                                                                                                                                                  SHA-512:5D37D5C2798B311578085B199117ACB4D4C158BB0E8EB0BAFF328C6706900B629CE3FBD5DC6570B24F2DC0F46747EBF346658FCC7CEB2E5F950BB85408310F6E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.PNG........IHDR.............x..U....tEXtSoftware.Adobe ImageReadyq.e<...jiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:89B37AD1252011ED811CC5C6473F0613" xmpMM:DocumentID="xmp.did:BA0C63644AF711EDACCDB40F3E7E842A" xmpMM:InstanceID="xmp.iid:BA0C63634AF711EDACCDB40F3E7E842A" xmp:CreatorTool="Adobe Photoshop 23.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:152540E5290D11EDA0D0FB0198ABC0EA" stRef:documentID="xmp.did:152540E6290D11EDA0D0FB0198ABC0EA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......YIDATx.b...........?........l5E#.@. ....
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 146 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):10398
                                                                                                                                                                  Entropy (8bit):7.884853187984436
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:9ESLknuemVvVB2LQQ9ThBa+Sva7+lgxIIjscNBqyW6e4tgsr0WKfDRmD6Vl:5gnV2vDWQyThQ+S9KscPbpcDED6j
                                                                                                                                                                  MD5:3BB62209BC927C9A924A58B8633F8131
                                                                                                                                                                  SHA1:9809A2A26F5A67381D8C9C8CBC71576ED94924FB
                                                                                                                                                                  SHA-256:1D823B990728D79CCE5434A2E0A13165467F8363FD427E1CB102418B58989A68
                                                                                                                                                                  SHA-512:ECE3BEAB4E10682BD973CC8E5272018A660925401249AF1349AFAAE9E79AA84C4BED7A06D3C9614355492493E0966319779870A556865CDCFAB5219FCBB8EF17
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.PNG........IHDR.......(......*......pHYs................1iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 25.0 (Windows)" xmp:CreateDate="2023-10-23T11:09:43+05:30" xmp:ModifyDate="2023-10-23T16:45:56+05:30" xmp:MetadataDate="2023-10-23T16:45:56+05:30" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:63bbb7c6-354d-3748-bad4-c8ddd5ed15fa" xmpMM:DocumentID="adobe:docid:photoshop:4217bcd8-7780-a54b-bf79-59f7ebc0ea68" xmpMM:OriginalDocumentID="xmp.did:b343eb
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 143 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):3137
                                                                                                                                                                  Entropy (8bit):7.2570793551597985
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:USLknmWIHpFLIPYlHGLAHRUy/+B2NRWEOwtq:USLknrWmU2y/+B2b44q
                                                                                                                                                                  MD5:7AA575833CF34CA440D2DD3DB14261A7
                                                                                                                                                                  SHA1:23F6D27223AAC415D2FD17E07DE98A15FF976EBC
                                                                                                                                                                  SHA-256:C47501AF410F3327B36E9421B3BA578D11786D23064205353AAAF24D2BDF618F
                                                                                                                                                                  SHA-512:75F441670C02AECC3710681926187A48BA7BA9A1E0A5B382B615D3C6046C1D8312502B61A13CFF239DBB7D49CA5B752F956F83827860355ACBDAB1D2BB355FC3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:.PNG........IHDR...............^.....pHYs................1iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 25.0 (Windows)" xmp:CreateDate="2023-10-23T11:09:43+05:30" xmp:ModifyDate="2023-10-23T16:44:46+05:30" xmp:MetadataDate="2023-10-23T16:44:46+05:30" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:05c37dbd-8b1d-3f47-91c3-daad8f941613" xmpMM:DocumentID="adobe:docid:photoshop:77fcb895-4928-2449-892c-0bcf2153b430" xmpMM:OriginalDocumentID="xmp.did:272b13
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):666
                                                                                                                                                                  Entropy (8bit):7.258438477107102
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:MPWpnJ4ptzI3fksJgZAYcjpxr+Y7/UaJj6hsnq/UMmp4FfMQxZt:MOpKpQkA3Y4tUaJj6GniIOT
                                                                                                                                                                  MD5:2444B2DF7E6BF2A700CB224F3BB1F055
                                                                                                                                                                  SHA1:75020AEEF17C090716B852D65797BBA6A1007FAB
                                                                                                                                                                  SHA-256:E371E5D044A924DB26972AF5FB85E404E62AA64ED0A02FDA01FC43EDFD3556CF
                                                                                                                                                                  SHA-512:651B4F5434F64DD69695B241FF69369843ECF9403752ADAD57FF95F345298722D5EDE0124F5091183ED9F90AC8F86608FA836545B5F773E0BD32935217C73D6B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/soc002.webp
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):240
                                                                                                                                                                  Entropy (8bit):4.554738024417052
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:ABgXGeAxgB1arV0QXGVq/QRYLjRlXKJDGMb/AgwiU9:AT5xgBEPSuSDGK/wb
                                                                                                                                                                  MD5:8EC94005C25C7E0874B7B048EA97DC00
                                                                                                                                                                  SHA1:2649E6120DFF6489D15CF68A590E6E73E153AAE3
                                                                                                                                                                  SHA-256:D3B76FB03A7607B5DA00FC0252BE26FEF8C76A0B68FEB2FF19B439EEEAB3F705
                                                                                                                                                                  SHA-512:9A70F8F3A88F62567ACC8CA189563118B54F15202CB1C9A5CB055F4D6D3FD1DC2E8B6F8F76768F42B57563546F10A12B51E460183E2C224226CFD25C624DDD76
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:function n(n){return function(t){return function(i,e){var o;0===i&&t(0,(function(t,i){if(1===t||2===t&&void 0===i){if(!o&&2===t)return e(t,i);o&&clearTimeout(o),o=setTimeout((function(){e(t,i),o=void 0}),n)}else e(t,i)}))}}}export{n as d};.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 356 x 51, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):9911
                                                                                                                                                                  Entropy (8bit):7.5289940462271945
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:vSqknvJNDaDraz3F9HZ9N868/IodQDxkFE1k4b+3vv+6DMRF+3ur/A:a5nrDaDOz3PTWJQodMKeiwyO6DMRF+3H
                                                                                                                                                                  MD5:D6FBF93EB66D3551C70FD45716D8902C
                                                                                                                                                                  SHA1:33432A12017E3CD662DF9B71319A0668F3C57035
                                                                                                                                                                  SHA-256:0A5F039926DCA1CE6B78F7EE476AFC3A348499FB48311AB0212F81D839774BFE
                                                                                                                                                                  SHA-512:F6377665558041FF802E164931FF4B61115B7F5553E1827888312AF78EFF3D42DB52C746BFBA7B426AFCE0EA81AECA53433CF092ABFF1E81C779C029D7F0D79B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/imagenew20/prod-spr-El.png
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:Java source, ASCII text, with very long lines (493)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):494
                                                                                                                                                                  Entropy (8bit):5.24306508214734
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:yg/wY8YW0DtCNi/0zSbTA5Ie080dwq0Ry5pj5GHs:yhAJtCscVL4wLyb
                                                                                                                                                                  MD5:08D450EB5FA33B1EF4F2F95CFC979747
                                                                                                                                                                  SHA1:DBEA01CB365AA9C0E675D142BD9D3D8F054AD743
                                                                                                                                                                  SHA-256:C08170DC6AC01EF19E7A421EB9B0DC26DE1462846A74F915ACB546AF2B70CF5B
                                                                                                                                                                  SHA-512:A897D86591177A72863B1740C71C9820CBDEEA8D6DD4AC6954AF9444A8F6EEAF4F76A237475E8756E05DC38C40C3B2CCC76A505ABF92EB44BA1688281B2C18CD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/livechat.BPz2GY67.js
                                                                                                                                                                  Preview:import m from"./0.rxteIwke.chunk.js";import{i as o}from"./1.DNp4aoMv.chunk.js";import{g as r}from"./2.CIwVMl_0.chunk.js";import"./3.BbDRrKd8.chunk.js";import"./4.C_rgEAoe.chunk.js";import"./5.4VquQRII.chunk.js";import"./6.D_CKFAbE.chunk.js";import"./7.Bla8Tg3n.chunk.js";import"./8.xhyEK0_l.chunk.js";import"./9.qYTqns9Q.chunk.js";import"./10.DNvb5pV8.chunk.js";import"./11.BkaKKHPv.chunk.js";import"./12.Gv78iMd6.chunk.js";import"./13.DJPUQwQu.chunk.js";import"./14.Du4z9uvj.chunk.js";o(m,r);.
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:PNG image data, 199 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9112
                                                                                                                                                                  Entropy (8bit):7.863227970853859
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:jSLknHcSmxJTRaedL4LnKJd3lmYvcaB3zeMxqV1+mqhfPM:WgnrUTRaedfJdV5vcaB3zer1kh3M
                                                                                                                                                                  MD5:3FA0F98D2D97658E176309F55C1C9C83
                                                                                                                                                                  SHA1:BB9CD755A57B7D900751F591E2EFDDACF8610A94
                                                                                                                                                                  SHA-256:788586C1DE232C9839A6F05D3E665AA1E9E1CF6384E0A86B78E4E6F99C633CAA
                                                                                                                                                                  SHA-512:07E69E308C57558FEEBAF2F658E31F10944E6CB730B6524F1CA53B9F08743FE4980B4A1ED1AB101EBC47B161431B8F05482DD26AE250995F3B33DC33D8055445
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (2942), with CRLF line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):43530
                                                                                                                                                                  Entropy (8bit):5.092622438257034
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:obXgZTB3ukarEFeVNBWj1NnAKiVZai3pXy+A:/BdF1UKwaUm
                                                                                                                                                                  MD5:1A6709C312044C97E926E8DBB4C344E7
                                                                                                                                                                  SHA1:F3408DFB129EDB5D3A1FDD8F4399031B5DA2B27B
                                                                                                                                                                  SHA-256:FA464479B4D9CF29486B1B03C238CB5F071757EC3BBE8DDDCD789963A8050781
                                                                                                                                                                  SHA-512:7C81D262A343DEF365B3F7DA6470B48984E055434C6104CCC2E2B7105859AFF8AC575D692DE42A28302220125F95A9CAD4B204633BCB81575E48C0894321B903
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/cssnew/freeware-download.css
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):67959
                                                                                                                                                                  Entropy (8bit):5.185618087726088
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:/ORVvLZMH5qMlf2z3BamRHw0cyKrnz2POx/8uptKL56:/OLvWHsSiamRHpKr6k/8uLKLc
                                                                                                                                                                  MD5:45AE772AE64D65910AFBD840F5D11187
                                                                                                                                                                  SHA1:7C002DD0177C2ACACBB7B99193C1EB905894A947
                                                                                                                                                                  SHA-256:826380D54216968373B441CE9EA174313EE6290D704E82E2281C5BC70521EB7E
                                                                                                                                                                  SHA-512:C07E62A99811402D512F3F894FD0A0B92067310B80B0053E79763EA491E0495811EDE9B9364356546A22A613EF8F14B478DC489C7B941B8DBD49B8FCB4F91EC6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/0.rxteIwke.chunk.js
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (21136)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):21137
                                                                                                                                                                  Entropy (8bit):5.150165159622828
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:kgLn9YE+ZEPpjINAP2vYH70QIYzqTuDOrKOf71by1F8RrqWTVbvcaUHmvUgvrQ67:kgL9Y3ZEPpjIN270QIYzqKDOrKk71u1g
                                                                                                                                                                  MD5:DDDDECE81151FA70E6832F1596811F33
                                                                                                                                                                  SHA1:5DAE2B0BD445009BFE76218A6533C8E7D973A064
                                                                                                                                                                  SHA-256:4CFB4286E4523D8F76B2058D3A1CDA39F49BA92BDE2537CAC6DA5B64FDF408FF
                                                                                                                                                                  SHA-512:6B0B925F6CCFEB169109C1234FE872125B7A40CA593EF3F40FFA67643632FDEE5C0648CD17D61C79638D7A85B1FB35F80D47FEE92679753750DF1DE65DDE2864
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/11.BkaKKHPv.chunk.js
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):80134
                                                                                                                                                                  Entropy (8bit):5.179143637316361
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:YSMTGR2t4n+3ifBHJR9WbUHk3j8YY+PwRM3CGJI9BqQM6kE:p4Fj8GPwRM3CiI9BtP
                                                                                                                                                                  MD5:6A48426946F14478E1494531163BFBCE
                                                                                                                                                                  SHA1:215B40549736AA625B937621FAA89ACE3AFBD091
                                                                                                                                                                  SHA-256:005987B9C68284DCDE7BAEB4C52DE971F6FCC5D66452C478839CF92262F898BB
                                                                                                                                                                  SHA-512:DC81CD0DDF8FC8C041A5420B9403EB3724B78F495C8A49ECF801CA49DF2BDE113B1837907B3C53B24CEFEC161E09EA7C9C582EDD75E01BC149202C68BFAAEC5F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://www.nucleustechnologies.com/jsnew/bootstrap.bundleV5.2.min.js
                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (306)
                                                                                                                                                                  Category:downloaded
                                                                                                                                                                  Size (bytes):307
                                                                                                                                                                  Entropy (8bit):4.79870183908231
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:AP4m8+ERIT5CY3+RrgDLQRSUrjCl95Z+7K/Yrcha0qkRD2QwAyETsYAdiOD:APyZI1CY3wEFUrkZmKw70f2OyETsbD
                                                                                                                                                                  MD5:A611E384114CEB76E510A16B37F9738C
                                                                                                                                                                  SHA1:B0F870C2E48579C20693ADE91E76B1687EB51883
                                                                                                                                                                  SHA-256:40DC48349BC43C0444A7C11AEE8FAFB09DF8809D1DCDB7B664D69E48A097FF6A
                                                                                                                                                                  SHA-512:898D0E3D35B79685F9DC130F159DD3F2CE9AF823DFCAEDCA76BF8BCF62C4885586E71BB99FB39D050A46F5A63970792DA459767166C9276DBCE180CCF92971F6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  URL:https://cdn.livechatinc.com/widget/static/js/10.DNvb5pV8.chunk.js
                                                                                                                                                                  Preview:function t(t,n){let e,o=Date.now()-2*t;const r=function(){return o=Date.now(),n(...arguments)},a=()=>clearTimeout(e),c=function(){const n=Date.now();n-o>=t&&(o=Date.now()),a();for(var c=arguments.length,u=new Array(c),i=0;i<c;i++)u[i]=arguments[i];e=setTimeout(r,o-n+t,...u)};return c.cancel=a,c}export{t};.
                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Entropy (8bit):7.997865712816279
                                                                                                                                                                  TrID:
                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 98.71%
                                                                                                                                                                  • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                  • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                  File name:freekernelpstviewer.exe
                                                                                                                                                                  File size:5'169'960 bytes
                                                                                                                                                                  MD5:e761750e919f40a6efdfbd8bb51b9fe5
                                                                                                                                                                  SHA1:7fbd636fdf04b0fba858c70f4704a6eb1a6be15c
                                                                                                                                                                  SHA256:4e2eb12620d5c06822913b82decc1c44d272082ce75a266e0ec3ab4e38c52ab9
                                                                                                                                                                  SHA512:01c74d310b6ee726aeb5aa500a7f75a4b8595a76abd2471845332b9a571382579b8b068b81516e9ca156610ac9236da8e71b6af4baba6518372b835ef1600d12
                                                                                                                                                                  SSDEEP:98304:v5ZaZ+P8NBo1EcmcnwqkqSn4pPgbkFdENr7gpU1gi6edhPUHHYYS/:pUBMnNwjIpoosZgpUGhohPwS
                                                                                                                                                                  TLSH:89363369BB8916BBD6648D351CB9C723CB8A2F13572780021A74BC39CB75080DF7776A
                                                                                                                                                                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                  Icon Hash:4b34341834a44b75
                                                                                                                                                                  Entrypoint:0x40aa98
                                                                                                                                                                  Entrypoint Section:CODE
                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                  Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                  OS Version Major:1
                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                  File Version Major:1
                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                  Subsystem Version Major:1
                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                  Import Hash:2fb819a19fe4dee5c03e8c6a79342f79
                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                  Signature Issuer:CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                  Error Number:0
                                                                                                                                                                  Not Before, Not After
                                                                                                                                                                  • 14/06/2019 06:18:25 14/06/2022 06:18:25
                                                                                                                                                                  Subject Chain
                                                                                                                                                                  • CN=KernelApps Private Limited, O=KernelApps Private Limited, STREET="B 57, 2nd floor, Sector 57", L=Noida, S=Uttar Pradesh, C=IN, OID.1.3.6.1.4.1.311.60.2.1.2=Uttar Pradesh, OID.1.3.6.1.4.1.311.60.2.1.3=IN, SERIALNUMBER=U72900DL2018PTC336564, OID.2.5.4.15=Private Organization
                                                                                                                                                                  Version:3
                                                                                                                                                                  Thumbprint MD5:29BE5435FFC7BB68C57C14501761C554
                                                                                                                                                                  Thumbprint SHA-1:8D383346FF4E1D2D291F42F75C8076A682DA3D82
                                                                                                                                                                  Thumbprint SHA-256:49D5A983F11EBC4FAE70670D2AFEFF84396BF49D5DAF5150B55CCB9F3EC6285D
                                                                                                                                                                  Serial:427E49A296360102B93CB0A4
                                                                                                                                                                  Instruction
                                                                                                                                                                  push ebp
                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                  add esp, FFFFFFC4h
                                                                                                                                                                  push ebx
                                                                                                                                                                  push esi
                                                                                                                                                                  push edi
                                                                                                                                                                  xor eax, eax
                                                                                                                                                                  mov dword ptr [ebp-10h], eax
                                                                                                                                                                  mov dword ptr [ebp-24h], eax
                                                                                                                                                                  call 00007FC26CDBAF23h
                                                                                                                                                                  call 00007FC26CDBC12Ah
                                                                                                                                                                  call 00007FC26CDBC491h
                                                                                                                                                                  call 00007FC26CDBC8ACh
                                                                                                                                                                  call 00007FC26CDBE84Bh
                                                                                                                                                                  call 00007FC26CDC11E2h
                                                                                                                                                                  call 00007FC26CDC1349h
                                                                                                                                                                  xor eax, eax
                                                                                                                                                                  push ebp
                                                                                                                                                                  push 0040B169h
                                                                                                                                                                  push dword ptr fs:[eax]
                                                                                                                                                                  mov dword ptr fs:[eax], esp
                                                                                                                                                                  xor edx, edx
                                                                                                                                                                  push ebp
                                                                                                                                                                  push 0040B132h
                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                  mov eax, dword ptr [0040D014h]
                                                                                                                                                                  call 00007FC26CDC1E1Bh
                                                                                                                                                                  call 00007FC26CDC1A06h
                                                                                                                                                                  cmp byte ptr [0040C234h], 00000000h
                                                                                                                                                                  je 00007FC26CDC28FEh
                                                                                                                                                                  call 00007FC26CDC1F18h
                                                                                                                                                                  xor eax, eax
                                                                                                                                                                  call 00007FC26CDBBC19h
                                                                                                                                                                  lea edx, dword ptr [ebp-10h]
                                                                                                                                                                  xor eax, eax
                                                                                                                                                                  call 00007FC26CDBEE5Bh
                                                                                                                                                                  mov edx, dword ptr [ebp-10h]
                                                                                                                                                                  mov eax, 0040DE30h
                                                                                                                                                                  call 00007FC26CDBAFBAh
                                                                                                                                                                  push 00000002h
                                                                                                                                                                  push 00000000h
                                                                                                                                                                  push 00000001h
                                                                                                                                                                  mov ecx, dword ptr [0040DE30h]
                                                                                                                                                                  mov dl, 01h
                                                                                                                                                                  mov eax, 00407808h
                                                                                                                                                                  call 00007FC26CDBF716h
                                                                                                                                                                  mov dword ptr [0040DE34h], eax
                                                                                                                                                                  xor edx, edx
                                                                                                                                                                  push ebp
                                                                                                                                                                  push 0040B0EAh
                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                  call 00007FC26CDC1E76h
                                                                                                                                                                  mov dword ptr [0040DE3Ch], eax
                                                                                                                                                                  mov eax, dword ptr [0040DE3Ch]
                                                                                                                                                                  cmp dword ptr [eax+0Ch], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe000 | 0x97c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12000 | 0x8234 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4ec9a0 | 0x1988 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11000 | 0x0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x10000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0xa1d0 | 0xa200 | b7ea439d9c6d5ec722056c9243fb3054 | False | 0.6025028935185185 | data | 6.643749028594943 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0xc000 | 0x250 | 0x400 | 9b2268ed5360951559d8041925d025fb | False | 0.3037109375 | data | 2.740124513017086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0xd000 | 0xe94 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xe000 | 0x97c | 0xa00 | df5f31e62e05c787fd29eed7071bf556 | False | 0.41796875 | data | 4.486076246232586 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xf000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x10000 | 0x18 | 0x200 | 14dfa4128117e7f94fe2f8d7dea374a0 | False | 0.05078125 | data | 0.190488766434666 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x11000 | 0x91c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x12000 | 0x8234 | 0x8400 | 7c06bd8aaacbdf7f91c16382c32eb4f2 | False | 0.2769590435606061 | data | 5.052204088995035 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x12414 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.5534682080924855
RT_ICON | 0x1297c | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 672 | English | United States | 0.6745391705069125
RT_ICON | 0x13044 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.6092057761732852
RT_ICON | 0x138ec | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.14578891257995735
RT_ICON | 0x14794 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5531914893617021
RT_ICON | 0x14bfc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.40737704918032785
RT_ICON | 0x15584 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.28353658536585363
RT_ICON | 0x1662c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.06441908713692945
RT_STRING | 0x18bd4 | 0x2f2 | data |  |  | 0.35543766578249336
RT_STRING | 0x18ec8 | 0x30c | data |  |  | 0.3871794871794872
RT_STRING | 0x191d4 | 0x2ce | data |  |  | 0.42618384401114207
RT_STRING | 0x194a4 | 0x68 | data |  |  | 0.75
RT_STRING | 0x1950c | 0xb4 | data |  |  | 0.6277777777777778
RT_STRING | 0x195c0 | 0xae | data |  |  | 0.5344827586206896
RT_RCDATA | 0x19670 | 0x2c | data |  |  | 1.2045454545454546
RT_GROUP_ICON | 0x1969c | 0x76 | data | English | United States | 0.6610169491525424
RT_VERSION | 0x19714 | 0x4f4 | data | English | United States | 0.3107255520504732
RT_MANIFEST | 0x19c08 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll | MessageBoxA
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll | InitCommonControls
advapi32.dll | AdjustTokenPrivileges
Language of compilation system: English
Country where language is spoken: United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                  Oct 1, 2024 17:26:46.882958889 CEST8049729104.18.21.226192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:46.883012056 CEST4972980192.168.2.4104.18.21.226
                                                                                                                                                                  Oct 1, 2024 17:26:53.463670969 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:53.463717937 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:53.464052916 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:53.464688063 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:53.464716911 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:53.465219021 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:53.466427088 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:53.466440916 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:53.468416929 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:53.468427896 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.213443995 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.216106892 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.248156071 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.248166084 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.248290062 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.248302937 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.249610901 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.249669075 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.249926090 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.249984980 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.265489101 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.265608072 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.272304058 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.272703886 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.274050951 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.274060965 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.385821104 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.453684092 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.453722954 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.453761101 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.453778982 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.453823090 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.454185963 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.454195976 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.457012892 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.457021952 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.457070112 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.457077980 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.477229118 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.477731943 CEST54618443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.477766037 CEST4435461867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.477832079 CEST54618443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.478060007 CEST54618443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.478069067 CEST4435461867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.480784893 CEST54619443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.480828047 CEST4435461967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.480885029 CEST54619443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.481153011 CEST54619443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.481168032 CEST4435461967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.500010967 CEST54622443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.500070095 CEST44354622172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.500135899 CEST54622443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.500334024 CEST54622443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.500348091 CEST44354622172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.516033888 CEST54623443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:26:54.516061068 CEST443546233.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.516108036 CEST54623443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:26:54.517481089 CEST54623443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:26:54.517496109 CEST443546233.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.523394108 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.526987076 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.540254116 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.540266991 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.540307045 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.540319920 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.540360928 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.540380001 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.541134119 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.541142941 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.541192055 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.541198015 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.541240931 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.542040110 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.542049885 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.542093039 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.542098045 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.542140961 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.568068027 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.568079948 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.568121910 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.568130016 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.568186998 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.568197012 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.568376064 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.568384886 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.568444967 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.568453074 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.616270065 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.616333008 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.616353035 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.616389990 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.616398096 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.616421938 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.616435051 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.616450071 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.628195047 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.628268957 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.628278971 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.628305912 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.628349066 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.628356934 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.628411055 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.628606081 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.628876925 CEST54616443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.628892899 CEST4435461667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.643759966 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.643786907 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.643821955 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.643857002 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.643871069 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.643917084 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.702661037 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.702681065 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.702711105 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.702719927 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.702774048 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:54.703439951 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.703453064 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.703478098 CEST4435461767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.703494072 CEST54617443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.861133099 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.861412048 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.861433983 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.861644030 CEST54626443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.861653090 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.861771107 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.862008095 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.862073898 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.862129927 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.862206936 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.862413883 CEST54626443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.862478971 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.862519026 CEST54626443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.864312887 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.864324093 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.864412069 CEST54624443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.865531921 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.865540028 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.865597963 CEST54624443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.866442919 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.866511106 CEST54624443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.867027998 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.867117882 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.867142916 CEST54624443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.867165089 CEST54624443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.867311954 CEST54624443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.867322922 CEST4435462467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.903400898 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.903417110 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:55.986287117 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:55.986347914 CEST54626443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.033114910 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033142090 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033149004 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033176899 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033214092 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.033231020 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033261061 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033262968 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.033376932 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.033581972 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033603907 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033654928 CEST54626443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.033662081 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033684015 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.033720970 CEST54626443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.036312103 CEST54626443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.036329985 CEST4435462667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.038009882 CEST54625443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.038014889 CEST4435462567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.040461063 CEST54629443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.040492058 CEST4435462967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.040544987 CEST54629443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.040832043 CEST54629443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.040843964 CEST4435462967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.042814970 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.042825937 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.042885065 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.043133020 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.043140888 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.047457933 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.047504902 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.047571898 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.047602892 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.047605038 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.047650099 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.047770977 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.047784090 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.048209906 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.048219919 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.857999086 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.858180046 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.858191967 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.858269930 CEST4435462967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.858472109 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.858491898 CEST54629443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.858500004 CEST4435462967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.858560085 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.858721972 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.858747959 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.858928919 CEST4435462967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.859158993 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.859225035 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.859821081 CEST54629443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.859880924 CEST4435462967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.860155106 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.860209942 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.861408949 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.861709118 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.861788034 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.862255096 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.862397909 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.862421036 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.862481117 CEST54629443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.862698078 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.862704039 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.863878012 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.863933086 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.864244938 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.864322901 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.864346981 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.907392979 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.907406092 CEST4435462967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.907404900 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.911190987 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.911258936 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:56.911268950 CEST4435463167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:56.957103968 CEST54631443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:57.012746096 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.012767076 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.012806892 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.012847900 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:57.012861013 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.012873888 CEST4435463067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.012916088 CEST54630443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:57.013267040 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.013287067 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.013345003 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.013353109 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:57.013390064 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:57.015922070 CEST54632443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:57.015947104 CEST4435463267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.859690905 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:57.859704971 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.889544010 CEST54649443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:57.889570951 CEST44354649184.28.90.27192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:57.889710903 CEST54649443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:57.890975952 CEST54649443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:57.890986919 CEST44354649184.28.90.27192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.227328062 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.227432013 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.227634907 CEST54643443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.227655888 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.227916002 CEST54644443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.227979898 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.227992058 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.228344917 CEST54643443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.228398085 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.228405952 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.228858948 CEST54644443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.228934050 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.229039907 CEST54643443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.229129076 CEST54644443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.271425962 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.275393009 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.288039923 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.289292097 CEST54645443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.289323092 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.289818048 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.290124893 CEST54645443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.290215969 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.290369987 CEST54645443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.290853977 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.291102886 CEST54646443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.291111946 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.291644096 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.291934013 CEST54646443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.292032003 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.292100906 CEST54646443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.335406065 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.335433006 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.386173964 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.386563063 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.386626005 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.389381886 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.389466047 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.389491081 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.389498949 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.389563084 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.389589071 CEST54644443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.389637947 CEST54643443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.389657974 CEST54644443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.390252113 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.390351057 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.391159058 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.391412020 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.391457081 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.392741919 CEST54643443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.392762899 CEST4435464367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.395793915 CEST54644443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.395828009 CEST4435464467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.401731014 CEST54650443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.401772022 CEST4435465067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.401834965 CEST54650443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.402038097 CEST54650443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.402050018 CEST4435465067.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.420603037 CEST54651443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.420650959 CEST4435465167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.420789957 CEST54651443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.421168089 CEST54651443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.421194077 CEST4435465167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.424350977 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.424619913 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.424639940 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.425847054 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.425909996 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.426544905 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.426649094 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.426753044 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.439402103 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.439789057 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.439814091 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.452007055 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.452287912 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.452356100 CEST54646443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.453035116 CEST54646443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.453052044 CEST4435464667.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.455768108 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.455864906 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.455929995 CEST54645443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.456487894 CEST54645443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.456494093 CEST4435464567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.459623098 CEST54652443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.459673882 CEST4435465267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.459760904 CEST54652443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.459975958 CEST54652443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.459995031 CEST4435465267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.464557886 CEST54653443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.464607000 CEST4435465367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.464701891 CEST54653443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.465039968 CEST54653443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.465051889 CEST4435465367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.471396923 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.472291946 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.472315073 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.487636089 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.518182993 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.532329082 CEST44354649184.28.90.27192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.532413006 CEST54649443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:58.535326958 CEST54649443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:58.535335064 CEST44354649184.28.90.27192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.536123037 CEST44354649184.28.90.27192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.547509909 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.547595024 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.550740004 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.551814079 CEST54647443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.551846027 CEST4435464767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.580739975 CEST54649443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:58.591229916 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.591295958 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:58.591377020 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.592833042 CEST54649443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:58.593175888 CEST54648443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:58.593206882 CEST4435464867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.984348059 CEST54656443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:59.984433889 CEST54656443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:59.984457016 CEST44354656184.28.90.27192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.984469891 CEST54656443192.168.2.4184.28.90.27
                                                                                                                                                                  Oct 1, 2024 17:26:59.984477043 CEST44354656184.28.90.27192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.988171101 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.988248110 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.988568068 CEST54657443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.988607883 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.988693953 CEST54658443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.988703012 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.989183903 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.989223003 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.989463091 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.989599943 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.989626884 CEST54657443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.989690065 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.990041971 CEST54658443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.990103960 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.990187883 CEST54659443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.990199089 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.990320921 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.990340948 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.990508080 CEST54657443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.990547895 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.990551949 CEST54658443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.990731955 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.990833998 CEST54659443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.990895987 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.991061926 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.991117954 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:59.991168022 CEST54659443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:26:59.991204977 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.035393953 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.035398960 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.035412073 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.035412073 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.144500971 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.144521952 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.144597054 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.144603968 CEST54659443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.145828009 CEST54659443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.146260977 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.146281004 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.146289110 CEST54659443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.146311045 CEST4435465967.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.146338940 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.146354914 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.148252010 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.148272991 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.148339033 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.148364067 CEST54657443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.148413897 CEST54657443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.148672104 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.148772001 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.149312019 CEST54657443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.149358034 CEST4435465767.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.149385929 CEST54658443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.152005911 CEST54658443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.152019978 CEST4435465867.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.154674053 CEST54662443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.154707909 CEST4435466267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.154813051 CEST54662443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.155052900 CEST54662443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.155067921 CEST4435466267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.162450075 CEST54663443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.162496090 CEST4435466367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.162641048 CEST54663443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.163372993 CEST54663443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.163403034 CEST4435466367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.163683891 CEST54664443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.163714886 CEST4435466467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.163767099 CEST54664443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.164220095 CEST54664443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.164232016 CEST4435466467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.173666954 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.173751116 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.173763037 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.218616009 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.236442089 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.236450911 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.236531973 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.237253904 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.237261057 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.237309933 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.237329006 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.238230944 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.238238096 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.238291979 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.261790991 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.261902094 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.323309898 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.323405981 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.324034929 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.324103117 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.324745893 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.324815035 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.325108051 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.325176954 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.325539112 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.325628042 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.325710058 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.325721025 CEST4435466167.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.325735092 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.325766087 CEST54661443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.688323975 CEST4435466467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.688555002 CEST54664443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.688585997 CEST4435466467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.688926935 CEST4435466467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.689443111 CEST54664443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.689577103 CEST4435466467.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.689579010 CEST54664443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.691698074 CEST4435466267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.691883087 CEST54662443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.691895962 CEST4435466267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.692306042 CEST4435466267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.692610979 CEST54662443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.692698956 CEST4435466267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.692764997 CEST54662443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.695188046 CEST4435466367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:00.695406914 CEST54663443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:00.695430040 CEST4435466367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.170901060 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.171125889 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.171152115 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.171523094 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.171591043 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.172276974 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.172326088 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.173474073 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.173537016 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.174036980 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.174046040 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.219911098 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.264075994 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.264107943 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.264116049 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.264228106 CEST54672443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.264241934 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.264476061 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.264517069 CEST54672443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.264523029 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.264544010 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.264585972 CEST54672443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.265501022 CEST54672443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.265516043 CEST4435467267.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.290370941 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.290399075 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.290478945 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.290497065 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.290543079 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.290688992 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.290695906 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.290756941 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.290766001 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.291624069 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.291682959 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.291690111 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.345298052 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.372926950 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.372937918 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373039007 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.373059988 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373353958 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373363018 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373420954 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.373430014 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373851061 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373888016 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373924971 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.373934031 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.373951912 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.374651909 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.374720097 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.374727964 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.376893044 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.376951933 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.376960993 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.377109051 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.377161980 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.377213001 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.377233028 CEST44354673150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.377260923 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.377290964 CEST54673443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.380023956 CEST54623443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:02.383328915 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.383367062 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.383438110 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.383624077 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.383639097 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.427393913 CEST443546233.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.484206915 CEST443546233.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.484232903 CEST443546233.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.484308958 CEST443546233.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.484318972 CEST54623443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:02.484349966 CEST54623443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:02.485833883 CEST54623443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:02.485847950 CEST443546233.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.489473104 CEST54677443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.489531994 CEST44354677150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.489612103 CEST54677443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.490037918 CEST54677443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:02.490056038 CEST44354677150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.491157055 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:02.491179943 CEST443546783.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.491235971 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:02.491494894 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:02.491503954 CEST443546783.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.587343931 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.587574959 CEST54675443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.587588072 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.587969065 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.588331938 CEST54675443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.588402987 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.588471889 CEST54675443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.635396957 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.749948025 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.750026941 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:02.750073910 CEST54675443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.750670910 CEST54675443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:02.750691891 CEST4435467567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.203732014 CEST443546783.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.204185009 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:03.204199076 CEST443546783.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.205373049 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.205374956 CEST443546783.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.205436945 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:03.205828905 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:03.205893993 CEST443546783.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.206056118 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:03.206073999 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.206296921 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:03.206304073 CEST443546783.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.206444979 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.206557035 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:03.207175970 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.207243919 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:03.207408905 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:03.207464933 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.207735062 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:03.207743883 CEST44354676150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.256469965 CEST54678443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:03.257997990 CEST54676443192.168.2.4150.171.27.10
                                                                                                                                                                  Oct 1, 2024 17:27:03.307307005 CEST44354677150.171.27.10192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:04.946892023 CEST54689443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:04.946903944 CEST443546893.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:04.947261095 CEST443546893.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:04.947554111 CEST54689443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:04.947621107 CEST443546893.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:04.947688103 CEST54689443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:04.991410971 CEST443546893.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.052478075 CEST44354622172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.052535057 CEST44354622172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.052591085 CEST54622443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.052746058 CEST54622443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.052767038 CEST44354622172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.053241014 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.053288937 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.053354979 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.053587914 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.053600073 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.061064005 CEST443546893.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.061600924 CEST443546893.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.061664104 CEST54689443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:05.062421083 CEST54689443192.168.2.43.224.56.91
                                                                                                                                                                  Oct 1, 2024 17:27:05.062438965 CEST443546893.224.56.91192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.701772928 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.702307940 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.702327967 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.702675104 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.703022003 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.703087091 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.703198910 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.703223944 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.913275003 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.913551092 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.913732052 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.914609909 CEST54690443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.914628983 CEST44354690172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.934689999 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.934734106 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.934802055 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.935028076 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.935049057 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.947578907 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:05.947630882 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.947695017 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:05.948339939 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:05.948357105 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.577745914 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.578295946 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.578355074 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.579672098 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.580077887 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.580277920 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.580503941 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.586042881 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.586304903 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.586318970 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.587356091 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.587416887 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.587775946 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.587836027 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.587934017 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.587943077 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.627405882 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.642784119 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.736187935 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.736259937 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.736444950 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.737309933 CEST54693443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.737334013 CEST4435469367.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.740930080 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.740963936 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.741064072 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.741261959 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:06.741276026 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.799550056 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.800431013 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.800506115 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.800662994 CEST54691443192.168.2.4172.217.18.4
                                                                                                                                                                  Oct 1, 2024 17:27:06.800681114 CEST44354691172.217.18.4192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.572541952 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.572949886 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:07.572962999 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.573319912 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.573649883 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:07.573718071 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.573820114 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:07.619405031 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.728631973 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.728703976 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:07.728810072 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:07.729713917 CEST54695443192.168.2.467.227.166.81
                                                                                                                                                                  Oct 1, 2024 17:27:07.729733944 CEST4435469567.227.166.81192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:15.454941034 CEST4972380192.168.2.493.184.221.240
                                                                                                                                                                  Oct 1, 2024 17:27:15.455092907 CEST4972480192.168.2.493.184.221.240
                                                                                                                                                                  Oct 1, 2024 17:27:15.520562887 CEST804972393.184.221.240192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:15.520581961 CEST804972493.184.221.240192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:15.520780087 CEST4972380192.168.2.493.184.221.240
                                                                                                                                                                  Oct 1, 2024 17:27:15.520783901 CEST4972480192.168.2.493.184.221.240
                                                                                                                                                                  Oct 1, 2024 17:27:25.129888058 CEST6413253192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:25.161509037 CEST53641321.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:25.161648989 CEST6413253192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:25.161870003 CEST6413253192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:25.185602903 CEST53641321.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:25.695738077 CEST53641321.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:25.696664095 CEST6413253192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:25.701761961 CEST53641321.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:25.701812983 CEST6413253192.168.2.41.1.1.1
                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                  Oct 1, 2024 17:26:27.024178028 CEST138138192.168.2.4192.168.2.255
                                                                                                                                                                  Oct 1, 2024 17:26:38.276114941 CEST5357681162.159.36.2192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:38.758819103 CEST5386853192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:26:38.766961098 CEST53538681.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:52.943084002 CEST5092553192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:26:53.449635983 CEST53509251.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.483447075 CEST4996253192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:26:54.492404938 CEST6233453192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:26:54.499162912 CEST53623341.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:26:54.514420986 CEST53499621.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.459851027 CEST6070853192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:03.466980934 CEST53607081.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:03.947947979 CEST5132453192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:03.955014944 CEST53513241.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:27:05.940834999 CEST5816853192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:07.077220917 CEST5862953192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:09.392704010 CEST5745853192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:22.400885105 CEST6095753192.168.2.41.1.1.1
                                                                                                                                                                  Oct 1, 2024 17:27:25.129187107 CEST53539251.1.1.1192.168.2.4
                                                                                                                                                                  Oct 1, 2024 17:28:11.441077948 CEST6337953192.168.2.41.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 1, 2024 17:26:38.758819103 CEST | 192.168.2.4 | 1.1.1.1 | 0xf008 | Standard query (0) | 206.23.85.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Oct 1, 2024 17:26:52.943084002 CEST | 192.168.2.4 | 1.1.1.1 | 0x393 | Standard query (0) | www.nucleustechnologies.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:26:54.483447075 CEST | 192.168.2.4 | 1.1.1.1 | 0x6303 | Standard query (0) | lepide.iljmp.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:26:54.492404938 CEST | 192.168.2.4 | 1.1.1.1 | 0xb04e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:03.459851027 CEST | 192.168.2.4 | 1.1.1.1 | 0xa045 | Standard query (0) | td.doubleclick.net | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:03.947947979 CEST | 192.168.2.4 | 1.1.1.1 | 0x5e1a | Standard query (0) | googleads.g.doubleclick.net | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:05.940834999 CEST | 192.168.2.4 | 1.1.1.1 | 0x4f5e | Standard query (0) | cdn.livechatinc.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:07.077220917 CEST | 192.168.2.4 | 1.1.1.1 | 0xca14 | Standard query (0) | api.livechatinc.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:09.392704010 CEST | 192.168.2.4 | 1.1.1.1 | 0x9bfa | Standard query (0) | secure.livechatinc.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:22.400885105 CEST | 192.168.2.4 | 1.1.1.1 | 0x573a | Standard query (0) | accounts.livechatinc.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:28:11.441077948 CEST | 192.168.2.4 | 1.1.1.1 | 0x91c6 | Standard query (0) | api.livechatinc.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 1, 2024 17:26:38.766961098 CEST | 1.1.1.1 | 192.168.2.4 | 0xf008 | Name error (3) | 206.23.85.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Oct 1, 2024 17:26:53.449635983 CEST | 1.1.1.1 | 192.168.2.4 | 0x393 | No error (0) | www.nucleustechnologies.com | nucleustechnologies.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:26:53.449635983 CEST | 1.1.1.1 | 192.168.2.4 | 0x393 | No error (0) | nucleustechnologies.com |  | 67.227.166.81 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:26:54.499162912 CEST | 1.1.1.1 | 192.168.2.4 | 0xb04e | No error (0) | www.google.com |  | 172.217.18.4 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:26:54.514420986 CEST | 1.1.1.1 | 192.168.2.4 | 0x6303 | No error (0) | lepide.iljmp.com | improvely-com-2021-1842759544.us-east-1.elb.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:26:54.514420986 CEST | 1.1.1.1 | 192.168.2.4 | 0x6303 | No error (0) | improvely-com-2021-1842759544.us-east-1.elb.amazonaws.com |  | 3.224.56.91 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:26:54.514420986 CEST | 1.1.1.1 | 192.168.2.4 | 0x6303 | No error (0) | improvely-com-2021-1842759544.us-east-1.elb.amazonaws.com |  | 52.204.22.72 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:01.608690977 CEST | 1.1.1.1 | 192.168.2.4 | 0xfaea | No error (0) | bat-bing-com.ax-0001.ax-msedge.net | ax-0001.ax-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:27:01.608690977 CEST | 1.1.1.1 | 192.168.2.4 | 0xfaea | No error (0) | ax-0001.ax-msedge.net |  | 150.171.27.10 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:01.608690977 CEST | 1.1.1.1 | 192.168.2.4 | 0xfaea | No error (0) | ax-0001.ax-msedge.net |  | 150.171.28.10 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:03.466980934 CEST | 1.1.1.1 | 192.168.2.4 | 0xa045 | No error (0) | td.doubleclick.net |  | 142.250.185.130 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:03.955014944 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e1a | No error (0) | googleads.g.doubleclick.net |  | 216.58.206.34 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 17:27:05.949990988 CEST | 1.1.1.1 | 192.168.2.4 | 0x4f5e | No error (0) | cdn.livechatinc.com | cdn.livechat.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:27:07.086116076 CEST | 1.1.1.1 | 192.168.2.4 | 0xca14 | No error (0) | api.livechatinc.com | api.livechat.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:27:09.401091099 CEST | 1.1.1.1 | 192.168.2.4 | 0x9bfa | No error (0) | secure.livechatinc.com | secure.livechat.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:27:22.410213947 CEST | 1.1.1.1 | 192.168.2.4 | 0x573a | No error (0) | accounts.livechatinc.com | accounts.livechat.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:28:11.449265957 CEST | 1.1.1.1 | 192.168.2.4 | 0x91c6 | No error (0) | api.livechatinc.com | api.livechat.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                  • slscr.update.microsoft.com
                                                                                                                                                                  • fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                  • www.nucleustechnologies.com
                                                                                                                                                                  • https:
                                                                                                                                                                    • bat.bing.com
                                                                                                                                                                    • lepide.iljmp.com
                                                                                                                                                                    • td.doubleclick.net
                                                                                                                                                                    • googleads.g.doubleclick.net
                                                                                                                                                                    • www.google.com
                                                                                                                                                                  • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 4.175.87.197 | 443 |  | 
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:23 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HDVveBNWknpUTyG&MD=RfXle5gx HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                  Host: slscr.update.microsoft.com
2024-10-01 15:26:23 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Expires: -1
                                                                                                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                  MS-CorrelationId: f9694a37-4cac-4108-bd50-80681711ef53
                                                                                                                                                                  MS-RequestId: a4034652-e308-4b9a-b67b-294dc7ddb364
                                                                                                                                                                  MS-CV: fiCjDPRhJUKrVm9u.0
                                                                                                                                                                  X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:23 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 54607 | 13.85.23.206 | 443 |  | 
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:39 UTC | 142 | OUT | GET /clientwebservice/ping HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  User-Agent: DNS resiliency checker/1.0
                                                                                                                                                                  Host: fe3cr.delivery.mp.microsoft.com
2024-10-01 15:26:40 UTC | 234 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Expires: -1
                                                                                                                                                                  Server: Microsoft-IIS/10.0
                                                                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:40 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 54608 | 4.175.87.197 | 443 |  | 
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:41 UTC | 124 | OUT | GET /sls/ping HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  User-Agent: DNS resiliency checker/1.0
                                                                                                                                                                  Host: slscr.update.microsoft.com
2024-10-01 15:26:41 UTC | 318 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Expires: -1
                                                                                                                                                                  MS-CV: Gk97AB9AIUa3cChl.0
                                                                                                                                                                  MS-RequestId: f3f9b98e-df74-41ff-88ef-d73dae936e92
                                                                                                                                                                  MS-CorrelationId: fadf6528-345c-4370-ab9b-d64dcbc549e1
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:41 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 54609 | 4.175.87.197 | 443 |  | 
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:44 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HDVveBNWknpUTyG&MD=RfXle5gx HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                  Host: slscr.update.microsoft.com
2024-10-01 15:26:45 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Expires: -1
                                                                                                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                  MS-CorrelationId: 4fa8a0b9-91dc-4874-8921-2d713931c57b
                                                                                                                                                                  MS-RequestId: 138ca9eb-65d2-480d-b7ce-3a841bb450bf
                                                                                                                                                                  MS-CV: lwwfRk6NrEOMEPXj.0
                                                                                                                                                                  X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:44 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 54610 | 4.175.87.197 | 443 |  | 
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:46 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HDVveBNWknpUTyG&MD=RfXle5gx HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                  Host: slscr.update.microsoft.com
                                                                                                                                                                  2024-10-01 15:26:46 UTC560INHTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Expires: -1
                                                                                                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                  ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                  MS-CorrelationId: ce8a6194-7b73-462c-96a7-a2c8b5a9e48e
                                                                                                                                                                  MS-RequestId: 0c871d36-93c2-4519-ac16-f6f080933fa0
                                                                                                                                                                  MS-CV: z7aDTpi5mkS1ATg9.0
                                                                                                                                                                  X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:45 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Content-Length: 30005


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 54616 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:54 UTC | 714 | OUT | GET /thanks-for-installing-kernel-pst-viewer.html HTTP/1.1
Host: www.nucleustechnologies.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:54 UTC | 497 | IN | HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 15:26:54 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Cache-Control: max-age=60, private, must-revalidate
Expires: Tue, 01 Oct 2024 15:27:54 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 54617 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:54 UTC | 660 | OUT | GET /cssnew/fonts/Montserrat-Regular.woff2 HTTP/1.1
Host: www.nucleustechnologies.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Origin: https://www.nucleustechnologies.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: font
Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:54 UTC | 532 | IN | HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 15:26:54 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Mon, 12 Feb 2024 05:47:03 GMT
Accept-Ranges: bytes
Content-Length: 61160
Cache-Control: max-age=31536000, public
Expires: Tue, 08 Oct 2024 15:26:54 GMT
Vary: User-Agent
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Content-Type: application/x-font-woff2


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  7 | 192.168.2.4 | 54618 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:26:54 UTC | 625 | OUT | GET /cssnew/freeware-download.css HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: text/css,*/*;q=0.1
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: style
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:55 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Fri, 07 Jun 2024 11:18:21 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 43530
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: text/css


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  8 | 192.168.2.4 | 54619 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:26:54 UTC | 624 | OUT | GET /cssnew/menu-update-2023.css HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: text/css,*/*;q=0.1
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: style
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:55 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 26 Sep 2024 05:01:28 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 28591
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: text/css


                                                                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                  9           192.168.2.4  54624        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                  2024-10-01 15:26:55 UTC  605                OUT        GET /jsnew/jquery-v3.6.3.js HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:55 UTC  557                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 11 Sep 2024 10:10:45 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 86677
                                                                                                                                                                  Cache-Control: max-age=31536000, public, private
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: application/x-javascript


                                                                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                  10          192.168.2.4  54625        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                  2024-10-01 15:26:55 UTC  663                OUT        GET /imagenew20/logo.avif HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:56 UTC  481                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 02 Sep 2024 06:40:26 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 7470
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Tue, 08 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 54626 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:55 UTC | 663 | OUT | GET /imagenew20/cli-1.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:56 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Oct 2023 11:14:47 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 3137
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:55 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 54630 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:56 UTC | 663 | OUT | GET /imagenew20/cli-2.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:57 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:56 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Oct 2023 11:15:24 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 9112
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:56 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 54629 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:56 UTC | 663 | OUT | GET /imagenew20/cli-3.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:57 UTC | 507 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:56 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Oct 2023 11:15:57 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 10398
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:56 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 54632 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:56 UTC | 371 | OUT | GET /imagenew20/cli-1.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:57 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:56 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Oct 2023 11:14:47 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 3137
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:56 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                  2024-10-01 15:26:57 UTC3137INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 8f 00 00 00 13 08 06 00 00 00 a9 c7 5e ab 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 06 31 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 39 2e 31 2d 63 30 30 31 20 37 39 2e 31 34 36 32 38 39 39 2c 20 32 30 32 33 2f 30 36 2f 32 35 2d 32 30 3a 30 31 3a 35 35 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52
                                                                                                                                                                  Data Ascii: PNGIHDR^pHYs1iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:R


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
15          192.168.2.4  54631        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-01 15:26:56 UTC  371  OUT  GET /imagenew20/logo.avif HTTP/1.1
Host: www.nucleustechnologies.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:57 UTC  481  IN  HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 15:26:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Mon, 02 Sep 2024 06:40:26 GMT
Accept-Ranges: bytes
Content-Length: 7470
Cache-Control: max-age=31536000, public, public
Expires: Tue, 08 Oct 2024 15:26:56 GMT
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
2024-10-01 15:26:57 UTC  7470  IN  Data Ascii: ftypavifavifmif1miafmeta!hdlrpictpitm4ilocD@@8iinfinfeav01infeav01iprpipcocolrnclxav1Cispe


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
16          192.168.2.4  54634        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-01 15:26:57 UTC  663  OUT  GET /imagenew20/cli-4.png HTTP/1.1
Host: www.nucleustechnologies.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:57 UTC  506  IN  HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 15:26:57 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Mon, 23 Oct 2023 11:16:38 GMT
Accept-Ranges: bytes
Content-Length: 6414
Cache-Control: max-age=31536000, public, public
Expires: Thu, 31 Oct 2024 15:26:57 GMT
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Content-Type: image/png
2024-10-01 15:26:57 UTC  6414  IN  Data Ascii: PNGIHDRo$ZdpHYs1iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.1462899, 2023/06/25-20:01:55 "> <rdf:R


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.4  54637        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-01 15:26:57 UTC  665  OUT  GET /imagenew20/soc001.webp HTTP/1.1
Host: www.nucleustechnologies.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:57 UTC  524  IN  HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 15:26:57 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 10 Apr 2024 07:14:59 GMT
Accept-Ranges: bytes
Content-Length: 604
Cache-Control: max-age=31536000, public, public
Expires: Thu, 31 Oct 2024 15:26:57 GMT
Vary: User-Agent
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Content-Type: image/webp
2024-10-01 15:26:57 UTC  604  IN  Data Ascii: RIFFTWEBPVP8XALPHVmGwl+]v*{XO}GV\2la9/Hy=1G<d"wRDC2"H".35I:]3ODE5AB()R.$]PW*N"X1.ZIo%yD:(&2%i90+gk9`C6ESw?'4i~Q;*oM


                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                  18192.168.2.45463567.227.166.814436440C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                  2024-10-01 15:26:57 UTC371OUTGET /imagenew20/cli-2.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:57 UTC506INHTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:57 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Oct 2023 11:15:24 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 9112
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:57 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


                                                                                                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                   19 | 192.168.2.4 | 54638 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                   2024-10-01 15:26:57 UTC | 371 | OUT | GET /imagenew20/cli-3.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                   2024-10-01 15:26:57 UTC | 507 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:57 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Oct 2023 11:15:57 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 10398
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:57 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


                                                                                                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                   20 | 192.168.2.4 | 54639 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                   2024-10-01 15:26:57 UTC | 665 | OUT | GET /imagenew20/soc002.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                   2024-10-01 15:26:57 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:57 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:50 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 666
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:57 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


                                                                                                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                   21 | 192.168.2.4 | 54643 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                   2024-10-01 15:26:58 UTC | 665 | OUT | GET /imagenew20/soc003.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                   2024-10-01 15:26:58 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:37 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 534
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


                                                                                                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                   22 | 192.168.2.4 | 54644 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                   2024-10-01 15:26:58 UTC | 371 | OUT | GET /imagenew20/cli-4.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                   2024-10-01 15:26:58 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Oct 2023 11:16:38 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 6414
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png
2024-10-01 15:26:58 UTC  6414               IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
23          192.168.2.4  54645        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-01 15:26:58 UTC  665                OUT        GET /imagenew20/soc004.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:58 UTC  524                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:23 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 720
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp
2024-10-01 15:26:58 UTC  720                IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.4  54646        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-01 15:26:58 UTC  373                OUT        GET /imagenew20/soc001.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:58 UTC  524                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:59 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 604
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp
2024-10-01 15:26:58 UTC  604                IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.4  54647        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-01 15:26:58 UTC  665                OUT        GET /imagenew20/soc005.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:58 UTC  524                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:17 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 650
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp
2024-10-01 15:26:58 UTC  650                IN


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.4  54648        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-01 15:26:58 UTC  373                OUT        GET /imagenew20/soc002.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:58 UTC  524                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:50 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 666
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  27 | 192.168.2.4 | 54649 | 184.28.90.27 | 443
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:26:58 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                                                                                  Host: fs.microsoft.com
                                                                                                                                                                  2024-10-01 15:26:58 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                  Server: ECAcc (lpl/EF06)
                                                                                                                                                                  X-CID: 11
                                                                                                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                  X-Ms-Region: prod-neu-z1
                                                                                                                                                                  Cache-Control: public, max-age=177532
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:58 GMT
                                                                                                                                                                  Connection: close
                                                                                                                                                                  X-CID: 2


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  28 | 192.168.2.4 | 54651 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:26:58 UTC | 373 | OUT | GET /imagenew20/soc003.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:59 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:37 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 534
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  29 | 192.168.2.4 | 54650 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:26:58 UTC | 661 | OUT | GET /imagenew/dmca.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:59 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 17 Feb 2022 14:11:45 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 988
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  30 | 192.168.2.4 | 54652 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:26:58 UTC | 616 | OUT | GET /jsnew/bootstrap.bundleV5.2.min.js HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:26:59 UTC | 557 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Fri, 03 Feb 2023 07:15:49 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 80134
                                                                                                                                                                  Cache-Control: max-age=31536000, public, private
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: application/x-javascript
                                                                                                                                                                  Data Ascii: ements.popper),l,h,r),A=Gt(t.elements.reference),E=ke({reference:A,element:v,strategy:"absolute",placement:s}),T=Oe(Object.assign({},v,E)),C=u===Ct?T:A,O={top:w.top-C.top+_.top,bottom:C.bottom-w.bottom+_.bottom,left:w.left-C.left+_.left,right:C.right-w.ri
                                                                                                                                                                  2024-10-01 15:26:59 UTC8000INData Raw: 72 65 64 4d 6f 64 69 66 69 65 72 73 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 61 2e 6d 6f 64 69 66 69 65 72 73 44 61 74 61 5b 74 2e 6e 61 6d 65 5d 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 74 2e 64 61 74 61 29 7d 29 29 3b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 61 2e 6f 72 64 65 72 65 64 4d 6f 64 69 66 69 65 72 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 21 30 21 3d 3d 61 2e 72 65 73 65 74 29 7b 76 61 72 20 73 3d 61 2e 6f 72 64 65 72 65 64 4d 6f 64 69 66 69 65 72 73 5b 6e 5d 2c 6f 3d 73 2e 66 6e 2c 72 3d 73 2e 6f 70 74 69 6f 6e 73 2c 6c 3d 76 6f 69 64 20 30 3d 3d 3d 72 3f 7b 7d 3a 72 2c 64 3d 73 2e 6e 61 6d 65 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6f 26 26 28 61 3d 6f 28
                                                                                                                                                                  Data Ascii: redModifiers.forEach((function(t){return a.modifiersData[t.name]=Object.assign({},t.data)}));for(var n=0;n<a.orderedModifiers.length;n++)if(!0!==a.reset){var s=a.orderedModifiers[n],o=s.fn,r=s.options,l=void 0===r?{}:r,d=s.name;"function"==typeof o&&(a=o(
                                                                                                                                                                  2024-10-01 15:26:59 UTC8000INData Raw: 5f 61 70 70 6c 79 4d 61 6e 69 70 75 6c 61 74 69 6f 6e 43 61 6c 6c 62 61 63 6b 28 74 2c 28 74 3d 3e 7b 69 66 28 74 21 3d 3d 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 26 26 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 3e 74 2e 63 6c 69 65 6e 74 57 69 64 74 68 2b 6e 29 72 65 74 75 72 6e 3b 74 68 69 73 2e 5f 73 61 76 65 49 6e 69 74 69 61 6c 41 74 74 72 69 62 75 74 65 28 74 2c 65 29 3b 63 6f 6e 73 74 20 73 3d 77 69 6e 64 6f 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 74 29 2e 67 65 74 50 72 6f 70 65 72 74 79 56 61 6c 75 65 28 65 29 3b 74 2e 73 74 79 6c 65 2e 73 65 74 50 72 6f 70 65 72 74 79 28 65 2c 60 24 7b 69 28 4e 75 6d 62 65 72 2e 70 61 72 73 65 46 6c 6f 61 74 28 73 29 29 7d 70 78 60 29 7d 29 29 7d 5f 73 61 76 65 49 6e 69 74 69 61 6c 41 74
                                                                                                                                                                  Data Ascii: _applyManipulationCallback(t,(t=>{if(t!==this._element&&window.innerWidth>t.clientWidth+n)return;this._saveInitialAttribute(t,e);const s=window.getComputedStyle(t).getPropertyValue(e);t.style.setProperty(e,`${i(Number.parseFloat(s))}px`)}))}_saveInitialAt
                                                                                                                                                                  2024-10-01 15:26:59 UTC8000INData Raw: 70 65 28 29 7b 72 65 74 75 72 6e 20 46 69 7d 73 74 61 74 69 63 20 67 65 74 20 4e 41 4d 45 28 29 7b 72 65 74 75 72 6e 22 6f 66 66 63 61 6e 76 61 73 22 7d 74 6f 67 67 6c 65 28 74 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 69 73 53 68 6f 77 6e 3f 74 68 69 73 2e 68 69 64 65 28 29 3a 74 68 69 73 2e 73 68 6f 77 28 74 29 7d 73 68 6f 77 28 74 29 7b 74 68 69 73 2e 5f 69 73 53 68 6f 77 6e 7c 7c 50 2e 74 72 69 67 67 65 72 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 22 73 68 6f 77 2e 62 73 2e 6f 66 66 63 61 6e 76 61 73 22 2c 7b 72 65 6c 61 74 65 64 54 61 72 67 65 74 3a 74 7d 29 2e 64 65 66 61 75 6c 74 50 72 65 76 65 6e 74 65 64 7c 7c 28 74 68 69 73 2e 5f 69 73 53 68 6f 77 6e 3d 21 30 2c 74 68 69 73 2e 5f 62 61 63 6b 64 72 6f 70 2e 73 68 6f 77 28 29 2c 74 68 69 73
                                                                                                                                                                  Data Ascii: pe(){return Fi}static get NAME(){return"offcanvas"}toggle(t){return this._isShown?this.hide():this.show(t)}show(t){this._isShown||P.trigger(this._element,"show.bs.offcanvas",{relatedTarget:t}).defaultPrevented||(this._isShown=!0,this._backdrop.show(),this
                                                                                                                                                                  2024-10-01 15:26:59 UTC8000INData Raw: 62 79 22 2c 69 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3b 63 6f 6e 73 74 7b 63 6f 6e 74 61 69 6e 65 72 3a 6e 7d 3d 74 68 69 73 2e 5f 63 6f 6e 66 69 67 3b 69 66 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 74 69 70 29 7c 7c 28 6e 2e 61 70 70 65 6e 64 28 69 29 2c 50 2e 74 72 69 67 67 65 72 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 65 76 65 6e 74 4e 61 6d 65 28 22 69 6e 73 65 72 74 65 64 22 29 29 29 2c 74 68 69 73 2e 5f 70 6f 70 70 65 72 3d 74 68 69 73 2e 5f 63 72 65 61 74 65 50 6f 70 70 65 72 28 69 29 2c 69 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 74
                                                                                                                                                                  Data Ascii: by",i.getAttribute("id"));const{container:n}=this._config;if(this._element.ownerDocument.documentElement.contains(this.tip)||(n.append(i),P.trigger(this._element,this.constructor.eventName("inserted"))),this._popper=this._createPopper(i),i.classList.add(t
                                                                                                                                                                  2024-10-01 15:26:59 UTC8000INData Raw: 74 2e 74 61 72 67 65 74 29 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2c 74 2e 72 6f 6f 74 4d 61 72 67 69 6e 3d 74 2e 6f 66 66 73 65 74 3f 60 24 7b 74 2e 6f 66 66 73 65 74 7d 70 78 20 30 70 78 20 2d 33 30 25 60 3a 74 2e 72 6f 6f 74 4d 61 72 67 69 6e 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 2e 74 68 72 65 73 68 6f 6c 64 26 26 28 74 2e 74 68 72 65 73 68 6f 6c 64 3d 74 2e 74 68 72 65 73 68 6f 6c 64 2e 73 70 6c 69 74 28 22 2c 22 29 2e 6d 61 70 28 28 74 3d 3e 4e 75 6d 62 65 72 2e 70 61 72 73 65 46 6c 6f 61 74 28 74 29 29 29 29 2c 74 7d 5f 6d 61 79 62 65 45 6e 61 62 6c 65 53 6d 6f 6f 74 68 53 63 72 6f 6c 6c 28 29 7b 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 73 6d 6f 6f 74 68 53 63 72 6f 6c 6c 26 26 28 50 2e 6f 66 66 28 74 68 69 73 2e 5f 63 6f 6e
                                                                                                                                                                  Data Ascii: t.target)||document.body,t.rootMargin=t.offset?`${t.offset}px 0px -30%`:t.rootMargin,"string"==typeof t.threshold&&(t.threshold=t.threshold.split(",").map((t=>Number.parseFloat(t)))),t}_maybeEnableSmoothScroll(){this._config.smoothScroll&&(P.off(this._con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 54653 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 373 | OUT | GET /imagenew20/soc004.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:59 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:23 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 720
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 54654 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 604 | OUT | GET /ntjs/cookie.notice.js HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:59 UTC | 556 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 26 Sep 2024 05:39:03 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 2749
                                                                                                                                                                  Cache-Control: max-age=31536000, public, private
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: application/x-javascript


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 54655 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 373 | OUT | GET /imagenew20/soc005.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:26:59 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 10 Apr 2024 07:14:17 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 650
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 54656 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                  Range: bytes=0-2147483646
                                                                                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                                                                                  Host: fs.microsoft.com
2024-10-01 15:26:59 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  ApiVersion: Distribute 1.1
                                                                                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                  Server: ECAcc (lpl/EF06)
                                                                                                                                                                  X-CID: 11
                                                                                                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                  X-Ms-Region: prod-weu-z1
                                                                                                                                                                  Cache-Control: public, max-age=177475
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:26:59 GMT
                                                                                                                                                                  Content-Length: 55
                                                                                                                                                                  Connection: close
                                                                                                                                                                  X-CID: 2
2024-10-01 15:26:59 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 54657 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 604 | OUT | GET /jsnew/customscript.js HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:27:00 UTC | 556 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Sep 2024 05:02:02 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1561
                                                                                                                                                                  Cache-Control: max-age=31536000, public, private
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: application/x-javascript
2024-10-01 15:27:00 UTC | 1561 | IN | Data Ascii: $(document).ready((function(){$(window).scroll((function(){$(this).scrollTop()>580?($(".to-top").addClass("yessshow"),$(".sticky").addClass("chemu")):($(".to-top").removeClass("yessshow"),$(".sticky").removeClass("chemu"))})),$((function(){$("span.starsAl


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 54658 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 369 | OUT | GET /imagenew/dmca.webp HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:27:00 UTC | 524 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 17 Feb 2022 14:11:45 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 988
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Vary: User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/webp


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 54659 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 372 | OUT | GET /ntjs/cookie.notice.js HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:27:00 UTC | 556 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 26 Sep 2024 05:39:03 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 2749
                                                                                                                                                                  Cache-Control: max-age=31536000, public, private
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: application/x-javascript
2024-10-01 15:27:00 UTC | 2749 | IN | Data Ascii: !function(){var e;function o(e){var o=(navigator.userLanguage||navigator.language).substr(0,2);return e[o]?e[o]:e.en}function t(e,o){var n;for(n in o)o.hasOwnProperty(n)&&("object"==typeof e[n]?e[n]=t(e[n],o[n]):e[n]=o[n]);return e}document.addEventListen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 54661 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:26:59 UTC | 384 | OUT | GET /jsnew/bootstrap.bundleV5.2.min.js HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:27:00 UTC | 557 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Fri, 03 Feb 2023 07:15:49 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 80134
                                                                                                                                                                  Cache-Control: max-age=31536000, public, private
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: application/x-javascript


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  39 | 192.168.2.4 | 54664 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:27:00 UTC | 684 | OUT | GET /imagenew20/what-makes-effect-bg.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/cssnew/freeware-download.css
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1
                                                                                                                                                                  2024-10-01 15:27:00 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Fri, 29 Sep 2023 06:17:03 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1072
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  40 | 192.168.2.4 | 54662 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:27:00 UTC | 372 | OUT | GET /jsnew/customscript.js HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:27:00 UTC | 556 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 23 Sep 2024 05:02:02 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1561
                                                                                                                                                                  Cache-Control: max-age=31536000, public, private
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: application/x-javascript


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  41 | 192.168.2.4 | 54663 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:27:00 UTC | 690 | OUT | GET /imagenew20/bnr-thanku.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1
                                                                                                                                                                  2024-10-01 15:27:00 UTC | 507 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 19 Nov 2020 03:55:12 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 32339
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:00 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  42 | 192.168.2.4 | 54667 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:27:01 UTC | 708 | OUT | GET /imagenew20/prod-spr-El.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/cssnew/menu-update-2023.css
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
                                                                                                                                                                  2024-10-01 15:27:01 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:01 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Mon, 27 May 2024 09:54:40 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 9911
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:01 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  43 | 192.168.2.4 | 54669 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:27:01 UTC | 705 | OUT | GET /imagenew20/arw-menu.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/cssnew/menu-update-2023.css
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
                                                                                                                                                                  2024-10-01 15:27:02 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:01 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 13 Oct 2022 13:05:35 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1069
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:01 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  44 | 192.168.2.4 | 54668 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  2024-10-01 15:27:01 UTC | 442 | OUT | GET /imagenew20/what-makes-effect-bg.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
                                                                                                                                                                  2024-10-01 15:27:02 UTC506INHTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:01 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Fri, 29 Sep 2023 06:17:03 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1072
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:01 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 54670 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:01 UTC | 432 | OUT | GET /imagenew20/bnr-thanku.png HTTP/1.1
Host: www.nucleustechnologies.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
2024-10-01 15:27:02 UTC | 507 | IN | HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 15:27:01 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Thu, 19 Nov 2020 03:55:12 GMT
Accept-Ranges: bytes
Content-Length: 32339
Cache-Control: max-age=31536000, public, public
Expires: Thu, 31 Oct 2024 15:27:01 GMT
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Content-Type: image/png


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 54672 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:02 UTC | 433 | OUT | GET /imagenew20/prod-spr-El.png HTTP/1.1
Host: www.nucleustechnologies.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
2024-10-01 15:27:02 UTC | 506 | IN | HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 15:27:02 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Mon, 27 May 2024 09:54:40 GMT
Accept-Ranges: bytes
Content-Length: 9911
Cache-Control: max-age=31536000, public, public
Expires: Thu, 31 Oct 2024 15:27:02 GMT
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Content-Type: image/png


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 54673 | 150.171.27.10 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:02 UTC | 620 | OUT | GET /bat.js HTTP/1.1
Host: bat.bing.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
2024-10-01 15:27:02 UTC | 653 | IN | HTTP/1.1 200 OK
Cache-Control: private,max-age=1800
Content-Length: 50523
Content-Type: application/javascript
Last-Modified: Thu, 19 Sep 2024 15:43:41 GMT
Accept-Ranges: bytes
ETag: "803483b3aaadb1:0"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 07C0974627CF409CBCFF4F68D8402562 Ref B: EWR311000108009 Ref C: 2024-10-01T15:27:02Z
Date: Tue, 01 Oct 2024 15:27:02 GMT
Connection: close
2024-10-01 15:27:02 UTC | 3111 | IN |
                                                                                                                                                                  Data Ascii: function UET(o){this.stringExists=function(n){return n&&n.length>0};this.domain="bat.bing.com";this.domainCl="bat.bing.net";this.URLLENGTHLIMIT=4096;this.pageLoadEvt="pageLoad";this.customEvt="custom";this.pageViewEvt="page_view";o.Ver=o.Ver!==undefined&&
2024-10-01 15:27:02 UTC | 8192 | IN |
                                                                                                                                                                  Data Ascii: "items.list_position":{type:"integer"},"items.location_id":{},"items.name":{},"items.price":{type:"number"},"items.quantity":{type:"number"},"items.variant":{},promotions:{type:"array"},"promotions.creative_name":{},"promotions.creative_slot":{},"promotio
2024-10-01 15:27:02 UTC | 4705 | IN |
                                                                                                                                                                  Data Ascii: s.uetConfig.uidCookie=o.uidCookie);this.uetConfig.gtmTagSource=undefined;o.hasOwnProperty("gtmTagSource")&&o.gtmTagSource&&typeof o.gtmTagSource=="string"&&(this.uetConfig.gtmTagSource=o.gtmTagSource);this.uetConfig.gtagPid=!1;o.hasOwnProperty("pagePid")&
2024-10-01 15:27:02 UTC | 8192 | IN |
                                                                                                                                                                  Data Ascii: undefined)return;h=u===this.pageViewEvt?this.pageLoadEvt:this.customEvt;this.evt(h,u,s,n[2])}else if(n[0]==="set"){if(typeof n[1][0]!="object")return;for(i in n[1][0])this.knownParams.hasOwnProperty(i)&&(this.pageLevelParams[i]=n[1][0][i],i==="pid"&&this.
2024-10-01 15:27:02 UTC | 8192 | IN |
                                                                                                                                                                  Data Ascii: n.mtp=navigator.maxTouchPoints),n};this.removeTrailingAmp=function(n){var t=n.charAt(n.length-1);return(t==="&"||t==="?")&&(n=n.substring(0,n.length-1)),n};this.helperError=function(n){if(typeof CustomEvent=="function"){var t={errMsg:n,tagId:this.beaconPa
2024-10-01 15:27:02 UTC | 8192 | IN |
                                                                                                                                                                  Data Ascii: t.hasOwnProperty("pagetype")>0?(t.pagetype=this.validatePageType(t.pagetype,this.validRetailPageTypeValues),t.hasOwnProperty("prodid")>0&&(t.prodid=this.validateProdId(t.prodid))):t.hasOwnProperty("prodid")>0&&this.throwError(this.missingPageTypeException
2024-10-01 15:27:02 UTC | 8192 | IN |
                                                                                                                                                                  Data Ascii: u<=3?t[i]="":delete t[i],r=this.stringifyToRequest(t),f=this.removeTrailingAmp(e+r));this.fireBeaconImg(f);this.snippetEventQueue.push(r);this.snippetEventQueue.length>20&&this.snippetEventQueue.shift();try{typeof CustomEvent=="function"&&(s=new CustomEve
2024-10-01 15:27:02 UTC | 1747 | IN |
                                                                                                                                                                  Data Ascii: (!this.isAdStorageAllowed())return null;var i=n===0?this.sessionCookieName:this.uetConfig.vidCookie,t=this.getCookie(i,"",this.insightsCookieMaxLength);return this.stringExists(t)||(t=this.getLocalStorageBackup(i,this.insightsCookieMaxLength)),this.insigh


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 54623 | 3.224.56.91 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:02 UTC | 583 | OUT | GET /improvely.js HTTP/1.1
                                                                                                                                                                  Host: lepide.iljmp.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:27:02 UTC | 674 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:02 GMT
                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                  Content-Length: 3259
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Set-Cookie: AWSALB=ZrxawPMx5H/sa4nLsgB/olJy8M171KLkW8yl63McqD8VzfzD/V3HSZ7rOD/+XwPIIGPzAWUC4fy1KURA7aCWPjbf6oEQbZ3e0z4Gb5mkHMmOrl3xQhUmLkjoc9lc; Expires=Tue, 08 Oct 2024 15:27:02 GMT; Path=/
                                                                                                                                                                  Set-Cookie: AWSALBCORS=ZrxawPMx5H/sa4nLsgB/olJy8M171KLkW8yl63McqD8VzfzD/V3HSZ7rOD/+XwPIIGPzAWUC4fy1KURA7aCWPjbf6oEQbZ3e0z4Gb5mkHMmOrl3xQhUmLkjoc9lc; Expires=Tue, 08 Oct 2024 15:27:02 GMT; Path=/; SameSite=None; Secure
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Last-Modified: Fri, 13 Oct 2023 01:45:02 GMT
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  ETag: "6528a11e-cbb"
                                                                                                                                                                  Accept-Ranges: bytes
2024-10-01 15:27:02 UTC | 3259 | IN |
                                                                                                                                                                  Data Ascii: var improvely=function(){var e=1,n="",o="",i=function(e,n,o){var i=e,t=new Date;t.setDate(t.getDate()+o);var r=i+"="+escape(n);null!=o&&(r+="; expires="+t.toUTCString()),r+="; path=/; SameSite=Lax",document.cookie=r},t=function(e){var n=e;return document.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 54675 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:02 UTC | 430 | OUT | GET /imagenew20/arw-menu.png HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420
2024-10-01 15:27:02 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:02 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Thu, 13 Oct 2022 13:05:35 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1069
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:02 GMT
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/png
2024-10-01 15:27:02 UTC | 1069 | IN |
                                                                                                                                                                  Data Ascii: PNGIHDRxUtEXtSoftwareAdobe ImageReadyqe<jiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 54678 | 3.224.56.91 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:03 UTC | 497 | OUT | GET /improvely.js HTTP/1.1
                                                                                                                                                                  Host: lepide.iljmp.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: AWSALBCORS=ZrxawPMx5H/sa4nLsgB/olJy8M171KLkW8yl63McqD8VzfzD/V3HSZ7rOD/+XwPIIGPzAWUC4fy1KURA7aCWPjbf6oEQbZ3e0z4Gb5mkHMmOrl3xQhUmLkjoc9lc
2024-10-01 15:27:03 UTC | 674 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:03 GMT
                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                  Content-Length: 3259
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Set-Cookie: AWSALB=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW; Expires=Tue, 08 Oct 2024 15:27:03 GMT; Path=/
                                                                                                                                                                  Set-Cookie: AWSALBCORS=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW; Expires=Tue, 08 Oct 2024 15:27:03 GMT; Path=/; SameSite=None; Secure
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Last-Modified: Fri, 13 Oct 2023 01:45:02 GMT
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  ETag: "6528a11e-cbb"
                                                                                                                                                                  Accept-Ranges: bytes
2024-10-01 15:27:03 UTC | 3259 | IN | Data Ascii: var improvely=function(){var e=1,n="",o="",i=function(e,n,o){var i=e,t=new Date;t.setDate(t.getDate()+o);var r=i+"="+escape(n);null!=o&&(r+="; expires="+t.toUTCString()),r+="; path=/; SameSite=Lax",document.cookie=r},t=function(e){var n=e;return document.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 54676 | 150.171.27.10 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:03 UTC | 389 | OUT | GET /bat.js HTTP/1.1
                                                                                                                                                                  Host: bat.bing.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
2024-10-01 15:27:03 UTC | 651 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: private,max-age=1800
                                                                                                                                                                  Content-Length: 50523
                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                  Last-Modified: Thu, 19 Sep 2024 15:43:41 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  ETag: "803483b3aaadb1:0"
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                  X-Cache: CONFIG_NOCACHE
                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                  X-MSEdge-Ref: Ref A: B77267182E474BBE961267EE2819E934 Ref B: EWR30EDGE0716 Ref C: 2024-10-01T15:27:03Z
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:02 GMT
                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 54677 | 150.171.27.10 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:03 UTC | 635 | OUT | GET /p/action/138001625.js HTTP/1.1
                                                                                                                                                                  Host: bat.bing.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
2024-10-01 15:27:03 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: private,max-age=1800
                                                                                                                                                                  Content-Length: 371
                                                                                                                                                                  Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                  X-Cache: CONFIG_NOCACHE
                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                  X-MSEdge-Ref: Ref A: 391ED7C98EE54109BA552EE46FE6785B Ref B: EWR30EDGE0906 Ref C: 2024-10-01T15:27:03Z
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:03 GMT
                                                                                                                                                                  Connection: close
2024-10-01 15:27:03 UTC | 371 | IN | Data Ascii: (function(w,d,c,k,a,b,t,e) { var cs = d.currentScript; if (cs) { var uo = cs.getAttribute('data-ueto'); if (uo && w[uo] && typeof w[uo].setUserSignals === 'function') { w[uo].setUserSignals({'co': c, 'kc': k, 'at':


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 54684 | 3.224.56.91 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:03 UTC | 1028 | OUT | GET /track/click?product=2&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&screen=1280x1024x24&identity=&rand=796 HTTP/1.1
                                                                                                                                                                  Host: lepide.iljmp.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: AWSALBCORS=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW
2024-10-01 15:27:04 UTC | 1015 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:04 GMT
                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Set-Cookie: AWSALB=Y/IuQg9mwMNB0WnXbO8RhZgww0+9OLRWCrdNpwIh9BRsVnwMoqMRfTsBdorDHAQQds/JFdtuL67Co0BcRH0X630J8wLy/KQD4drcG2JxstMVu0IRa60Ls7ZsJPXY; Expires=Tue, 08 Oct 2024 15:27:04 GMT; Path=/
                                                                                                                                                                  Set-Cookie: AWSALBCORS=Y/IuQg9mwMNB0WnXbO8RhZgww0+9OLRWCrdNpwIh9BRsVnwMoqMRfTsBdorDHAQQds/JFdtuL67Co0BcRH0X630J8wLy/KQD4drcG2JxstMVu0IRa60Ls7ZsJPXY; Expires=Tue, 08 Oct 2024 15:27:04 GMT; Path=/; SameSite=None; Secure
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  X-Powered-By: PHP/7.3.29
                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                  Set-Cookie: symfony=mt2md1q4obphaejecink4sfa7c; path=/; secure; SameSite=None
                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  P3P: CP="CAO PSA OUR"
                                                                                                                                                                  Set-Cookie: lepide_2=85af5be9e818ed15846cc4d04f726994; expires=Wed, 01-Oct-2025 15:27:04 GMT; Max-Age=31536000; path=/; domain=iljmp.com; secure; SameSite=None
2024-10-01 15:27:04 UTC | 60 | IN | Data Raw: 33 36 0d 0a 69 6d 70 72 6f 76 65 6c 79 2e 69 64 65 6e 74 69 66 79 28 27 38 35 61 66 35 62 65 39 65 38 31 38 65 64 31 35 38 34 36 63 63 34 64 30 34 66 37 32 36 39 39 34 27 29 0d 0a
Data Ascii: 36improvely.identify('85af5be9e818ed15846cc4d04f726994')
2024-10-01 15:27:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 54683 | 150.171.27.10 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:04 UTC | 404 | OUT | GET /p/action/138001625.js HTTP/1.1
                                                                                                                                                                  Host: bat.bing.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
2024-10-01 15:27:04 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Cache-Control: private,max-age=1800
                                                                                                                                                                  Content-Length: 371
                                                                                                                                                                  Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                  X-Cache: CONFIG_NOCACHE
                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                  X-MSEdge-Ref: Ref A: 7F911BE885744779A92E4BD8640B5B45 Ref B: EWR30EDGE0207 Ref C: 2024-10-01T15:27:04Z
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:04 GMT
                                                                                                                                                                  Connection: close
2024-10-01 15:27:04 UTC | 371 | IN | Data Ascii: (function(w,d,c,k,a,b,t,e) { var cs = d.currentScript; if (cs) { var uo = cs.getAttribute('data-ueto'); if (uo && w[uo] && typeof w[uo].setUserSignals === 'function') { w[uo].setUserSignals({'co': c, 'kc': k, 'at':


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 54685 | 150.171.27.10 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:04 UTC | 1118 | OUT | GET /action/0?ti=138001625&tm=gtm002&Ver=2&mid=4990f006-1680-41ab-9fed-41cbaccf42df&sid=9bc31e90800911ef948eb5c6372e0fee&vid=9bc36200800911ef8321f7e7a4dacb97&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&p=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&r=&lt=8050&evt=pageLoad&sv=1&cdb=AQAQ&rn=586376 HTTP/1.1
                                                                                                                                                                  Host: bat.bing.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
2024-10-01 15:27:04 UTC | 1028 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                  Set-Cookie: MSPTC=dNq2dmnYzer43C1v2Q9RHWZbTfLNCFX-RrLMVfOVh10; domain=.bing.com; expires=Sun, 26-Oct-2025 15:27:04 GMT; path=/; Partitioned; secure; SameSite=None
                                                                                                                                                                  Set-Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; domain=.bing.com; expires=Sun, 26-Oct-2025 15:27:04 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                  Set-Cookie: MR=0; domain=bat.bing.com; expires=Tue, 08-Oct-2024 15:27:04 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                  X-Cache: CONFIG_NOCACHE
                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                  X-MSEdge-Ref: Ref A: 9954853C586A41708FD8214E24F8A888 Ref B: EWR30EDGE0313 Ref C: 2024-10-01T15:27:04Z
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:03 GMT
                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 54682 | 142.250.185.130 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:04 UTC | 1553 | OUT | GET /td/rul/1057256791?random=1727796422723&cv=11&fst=1727796422723&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&ct_cookie_present=0 HTTP/1.1
                                                                                                                                                                  Host: td.doubleclick.net
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                                                                                  Sec-Fetch-Dest: iframe
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:27:04 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:04 GMT
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Server: cafe
                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                  Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 01-Oct-2024 15:42:04 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Transfer-Encoding: chunked
2024-10-01 15:27:04 UTC | 18 | IN | Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: d<html></html>
2024-10-01 15:27:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 54687 | 216.58.206.34 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:04 UTC | 2011 | OUT | GET /pagead/viewthroughconversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&eitems=ChAI8LvutwYQvYPn-4PFkqUhEh0AOih__PM4biFMzUH6O9d1ZH1mgJU_OXBioJa9Qg&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMg [TRUNCATED]
                                                                                                                                                                  Host: googleads.g.doubleclick.net
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:27:04 UTC  2094               IN         HTTP/1.1 302 Found
                                                                                                                                                                  P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:04 GMT
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                  Location: https://www.google.com/pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0 [TRUNCATED]
                                                                                                                                                                  Content-Type: image/gif
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Server: cafe
                                                                                                                                                                  Content-Length: 42
                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                  Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 01-Oct-2024 15:42:04 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                  Connection: close
                                                                                                                                                                  2024-10-01 15:27:04 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                  Data Ascii: GIF89a!,D;


                                                                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                  58          192.168.2.4  54622        172.217.18.4    443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                  2024-10-01 15:27:04 UTC  2064               OUT        GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5r [TRUNCATED]
                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9


                                                                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                  59          192.168.2.4  54689        3.224.56.91     443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                  2024-10-01 15:27:04 UTC  1009               OUT        GET /track/click?product=2&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&screen=1280x1024x24&identity=&rand=796 HTTP/1.1
                                                                                                                                                                  Host: lepide.iljmp.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: AWSALB=2hclR1qAG/K/Tv9b4/6RgBjGXvxh2AMY5CSOis41KKtxXChsQOWIiFk/pJpy8LgZ9xmRDMg95wAMwH4JhsQ/pcmhnrujQ+5udajpaS5IJjzelRnh+cMmA+gKh5dW; AWSALBCORS=Y/IuQg9mwMNB0WnXbO8RhZgww0+9OLRWCrdNpwIh9BRsVnwMoqMRfTsBdorDHAQQds/JFdtuL67Co0BcRH0X630J8wLy/KQD4drcG2JxstMVu0IRa60Ls7ZsJPXY; symfony=mt2md1q4obphaejecink4sfa7c; lepide_2=85af5be9e818ed15846cc4d04f726994
                                                                                                                                                                  2024-10-01 15:27:05 UTC  936                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:05 GMT
                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Set-Cookie: AWSALB=+5ALbaUjQ9USpjadU2xjmZrOkAByfk0o42cpTdcbj55MEaP/7wu1Due7xXQznlP4SOip1viDyUjRgK6SaA1guJp91X44WqFfkT9lAzpZosZSTpwMTYOCVAI7kQaN; Expires=Tue, 08 Oct 2024 15:27:05 GMT; Path=/
                                                                                                                                                                  Set-Cookie: AWSALBCORS=+5ALbaUjQ9USpjadU2xjmZrOkAByfk0o42cpTdcbj55MEaP/7wu1Due7xXQznlP4SOip1viDyUjRgK6SaA1guJp91X44WqFfkT9lAzpZosZSTpwMTYOCVAI7kQaN; Expires=Tue, 08 Oct 2024 15:27:05 GMT; Path=/; SameSite=None; Secure
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  X-Powered-By: PHP/7.3.29
                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  P3P: CP="CAO PSA OUR"
                                                                                                                                                                  Set-Cookie: lepide_2=85af5be9e818ed15846cc4d04f726994; expires=Wed, 01-Oct-2025 15:27:05 GMT; Max-Age=31536000; path=/; domain=iljmp.com; secure; SameSite=None
                                                                                                                                                                  2024-10-01 15:27:05 UTC  60                 IN         Data Raw: 33 36 0d 0a 69 6d 70 72 6f 76 65 6c 79 2e 69 64 65 6e 74 69 66 79 28 27 38 35 61 66 35 62 65 39 65 38 31 38 65 64 31 35 38 34 36 63 63 34 64 30 34 66 37 32 36 39 39 34 27 29 0d 0a
                                                                                                                                                                  Data Ascii: 36improvely.identify('85af5be9e818ed15846cc4d04f726994')
                                                                                                                                                                  2024-10-01 15:27:05 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                  60          192.168.2.4  54690        172.217.18.4    443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                  2024-10-01 15:27:05 UTC  2064               OUT        GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5r [TRUNCATED]
                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  2024-10-01 15:27:05 UTC  602                IN         HTTP/1.1 200 OK
                                                                                                                                                                  P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:05 GMT
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                  Content-Type: image/gif
                                                                                                                                                                  Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Server: cafe
                                                                                                                                                                  Content-Length: 42
                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                  Connection: close
                                                                                                                                                                  2024-10-01 15:27:05 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                  Data Ascii: GIF89a!,D;


                                                                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                  61          192.168.2.4  54693        67.227.166.81   443               6440  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                  2024-10-01 15:27:06 UTC  952                OUT        GET /favicon.ico HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                  Referer: https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420; lepide_2_init=1727796421787; _ga_Q687VE4VEB=GS1.1.1727796422.1.0.1727796422.0.0.0; _ga=GA1.1.681739815.1727796422; _uetsid=9bc31e90800911ef948eb5c6372e0fee; _uetvid=9bc36200800911ef8321f7e7a4dacb97; lepide_2=85af5be9e818ed15846cc4d04f726994
                                                                                                                                                                  2024-10-01 15:27:06 UTC  543                IN         HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:06 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 16 Jan 2013 11:58:58 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1150
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:06 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/x-icon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 54691 | 172.217.18.4 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:06 UTC | 1773 | OUT | GET /pagead/1p-conversion/1057256791/?random=1405446386&cv=11&fst=1727796422723&bg=ffffff&guid=ON&async=1&gtm=45be49u0v9105094387z8830597046za201zb830597046&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.nucleustechnologies.com%2Fthanks-for-installing-kernel-pst-viewer.html&label=SYGHCJm4kQQQ1&hn=www.googleadservices.com&frm=0&tiba=Thank%20you%20for%20installing%20Kernel%20Outlook%20PST%20Viewer%20Free&value=0&npa=0&pscdl=noapi&auid=913600639.1727796420&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjqxrECCJHJsQIiAQFAAUosZXZlbnQtc291cmNlLCB0cmlnZ2VyLCBub3QtbmF2aWdhdGlvbi1zb3VyY2ViBAoCAgM&pscrd=CJaUv-e7-fuZwAEiEwiP_Mugv-2IAxXBqoMHHe9PKQMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6UGh0dHBzOi8vd3d3Lm51Y2xldXN0ZWNobm9sb2dpZXMuY29tL3RoYW5r [TRUNCATED]
                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-10-01 15:27:06 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:06 GMT
                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                  Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                  Content-Type: image/gif
                                                                                                                                                                  Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Server: cafe
                                                                                                                                                                  Content-Length: 42
                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                  Connection: close
2024-10-01 15:27:06 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                  Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 54695 | 67.227.166.81 | 443 | 6440 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:27:07 UTC | 660 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                                                  Host: www.nucleustechnologies.com
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                  Accept: */*
                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                  Cookie: testCookie=1; _gcl_au=1.1.913600639.1727796420; lepide_2_init=1727796421787; _ga_Q687VE4VEB=GS1.1.1727796422.1.0.1727796422.0.0.0; _ga=GA1.1.681739815.1727796422; _uetsid=9bc31e90800911ef948eb5c6372e0fee; _uetvid=9bc36200800911ef8321f7e7a4dacb97; lepide_2=85af5be9e818ed15846cc4d04f726994
2024-10-01 15:27:07 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Tue, 01 Oct 2024 15:27:07 GMT
                                                                                                                                                                  Server: Apache
                                                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                                                  Connection: Upgrade, close
                                                                                                                                                                  Last-Modified: Wed, 16 Jan 2013 11:58:58 GMT
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Content-Length: 1150
                                                                                                                                                                  Cache-Control: max-age=31536000, public, public
                                                                                                                                                                  Expires: Thu, 31 Oct 2024 15:27:07 GMT
                                                                                                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                  Content-Type: image/x-icon



                                                                                                                                                                  Target ID:1
                                                                                                                                                                  Start time:11:26:11
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Users\user\Desktop\freekernelpstviewer.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\freekernelpstviewer.exe"
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  File size:5'169'960 bytes
                                                                                                                                                                  MD5 hash:E761750E919F40A6EFDFBD8BB51B9FE5
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:2
                                                                                                                                                                  Start time:11:26:11
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-T9FS9.tmp\freekernelpstviewer.tmp" /SL5="$10432,4877973,80384,C:\Users\user\Desktop\freekernelpstviewer.exe"
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  File size:736'256 bytes
                                                                                                                                                                  MD5 hash:94A04BEE414E9B518666B1303AAA6AE2
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                  • Detection: 5%, ReversingLabs
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:3
                                                                                                                                                                  Start time:11:26:12
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
                                                                                                                                                                  Imagebase:0x8f0000
                                                                                                                                                                  File size:20'992 bytes
                                                                                                                                                                  MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:4
                                                                                                                                                                  Start time:11:26:13
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll"
                                                                                                                                                                  Imagebase:0x8f0000
                                                                                                                                                                  File size:20'992 bytes
                                                                                                                                                                  MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:5
                                                                                                                                                                  Start time:11:26:13
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\Redemption.dll"
                                                                                                                                                                  Imagebase:0x7ff6346d0000
                                                                                                                                                                  File size:25'088 bytes
                                                                                                                                                                  MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:6
                                                                                                                                                                  Start time:11:26:13
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\system32\ProfMan.dll"
                                                                                                                                                                  Imagebase:0x7ff6346d0000
                                                                                                                                                                  File size:25'088 bytes
                                                                                                                                                                  MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:7
                                                                                                                                                                  Start time:11:26:13
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll"
                                                                                                                                                                  Imagebase:0x7ff6346d0000
                                                                                                                                                                  File size:25'088 bytes
                                                                                                                                                                  MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:8
                                                                                                                                                                  Start time:11:26:13
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll"
                                                                                                                                                                  Imagebase:0x7ff6346d0000
                                                                                                                                                                  File size:25'088 bytes
                                                                                                                                                                  MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:9
                                                                                                                                                                  Start time:11:26:13
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\Redemption64.dll"
                                                                                                                                                                  Imagebase:0x8f0000
                                                                                                                                                                  File size:20'992 bytes
                                                                                                                                                                  MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:10
                                                                                                                                                                  Start time:11:26:13
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /u /s "C:\Windows\SysWOW64\ProfMan64.dll"
                                                                                                                                                                  Imagebase:0x8f0000
                                                                                                                                                                  File size:20'992 bytes
                                                                                                                                                                  MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:14
                                                                                                                                                                  Start time:11:26:42
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.OCX"
                                                                                                                                                                  Imagebase:0x8f0000
                                                                                                                                                                  File size:20'992 bytes
                                                                                                                                                                  MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:16
                                                                                                                                                                  Start time:11:26:48
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Kernel Outlook PST Viewer\Kernel Outlook PST Viewer.exe"
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  File size:45'826'952 bytes
                                                                                                                                                                  MD5 hash:BC8F3E0E63BDABEE5917BBC545D16D31
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:17
                                                                                                                                                                  Start time:11:26:49
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.nucleustechnologies.com/thanks-for-installing-kernel-pst-viewer.html
                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:19
                                                                                                                                                                  Start time:11:26:51
                                                                                                                                                                  Start date:01/10/2024
                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1856,i,4981765526884018428,11496894683768264734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:false

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:22.1%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                    Signature Coverage:7.8%
                                                                                                                                                                    Total number of Nodes:1552
                                                                                                                                                                    Total number of Limit Nodes:22
6256->6254 6257 402654 6258 403154 4 API calls 6257->6258 6259 402614 6258->6259 6260 403154 4 API calls 6259->6260 6261 402632 6259->6261 6260->6261 5297 40af57 5328 409ae8 GetLastError 5297->5328 5300 40af72 5302 40af7c CreateWindowExA SetWindowLongA 5300->5302 5303 4055e4 33 API calls 5302->5303 5304 40afff 5303->5304 5341 4032fc 5304->5341 5306 40b00d 5307 4032fc 18 API calls 5306->5307 5308 40b01a 5307->5308 5355 406fcc GetCommandLineA 5308->5355 5311 4032fc 18 API calls 5312 40b02f 5311->5312 5362 409e8c 5312->5362 5314 40b041 5316 40b054 5314->5316 5383 409d6c 5314->5383 5317 40b074 5316->5317 5318 40b08d 5316->5318 5389 409978 5317->5389 5320 40b0a6 5318->5320 5323 40b0a0 RemoveDirectoryA 5318->5323 5321 40b0ba 5320->5321 5322 40b0af DestroyWindow 5320->5322 5324 40b0e2 5321->5324 5397 40357c 5321->5397 5322->5321 5323->5320 5326 40b0d8 5327 4025ac 4 API calls 5326->5327 5327->5324 5407 4050e4 5328->5407 5331 407700 19 API calls 5332 409b3f 5331->5332 5410 409224 5332->5410 5335 405ce0 18 API calls 5336 409b63 5335->5336 5337 4031b8 4 API calls 5336->5337 5338 409b82 5337->5338 5339 403198 4 API calls 5338->5339 5340 409b8a 5339->5340 5340->5300 5378 402f24 5340->5378 5342 403300 5341->5342 5343 40333f 5341->5343 5344 4031e8 5342->5344 5345 40330a 5342->5345 5343->5306 5351 4031fc 5344->5351 5353 403254 18 API calls 5344->5353 5346 403334 5345->5346 5347 40331d 5345->5347 5350 4034f0 18 API calls 5346->5350 5432 4034f0 5347->5432 5348 403228 5348->5306 5352 403322 5350->5352 5351->5348 5354 4025ac 4 API calls 5351->5354 5352->5306 5353->5351 5354->5348 5445 406f40 5355->5445 5358 4032c4 18 API calls 5359 406ffa 5358->5359 5360 403198 4 API calls 5359->5360 5361 40700f 5360->5361 5361->5311 5459 4033b4 5362->5459 5364 409ec7 5365 409ef9 CreateProcessA 5364->5365 5366 409f05 5365->5366 5367 409f0c CloseHandle 5365->5367 5368 409ae8 35 API calls 5366->5368 5369 409f15 5367->5369 5368->5367 5370 409e60 TranslateMessage DispatchMessageA PeekMessageA 5369->5370 
5371 409f1a MsgWaitForMultipleObjects 5370->5371 5371->5369 5372 409f31 5371->5372 5373 409e60 TranslateMessage DispatchMessageA PeekMessageA 5372->5373 5374 409f36 GetExitCodeProcess CloseHandle 5373->5374 5375 409f56 5374->5375 5376 403198 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5375->5376 5377 409f5e 5376->5377 5377->5314 5379 403154 4 API calls 5378->5379 5380 402f29 5379->5380 5465 402bcc 5380->5465 5382 402f51 5382->5382 5384 409d74 5383->5384 5388 409dae 5383->5388 5385 403420 18 API calls 5384->5385 5384->5388 5386 409da8 5385->5386 5468 4092fc 5386->5468 5388->5316 5390 4099d2 5389->5390 5392 40998b 5389->5392 5390->5318 5391 409993 Sleep 5391->5392 5392->5390 5392->5391 5393 4099a3 Sleep 5392->5393 5395 4099ba GetLastError 5392->5395 5491 409438 5392->5491 5393->5392 5395->5390 5396 4099c4 GetLastError 5395->5396 5396->5390 5396->5392 5398 403591 5397->5398 5399 4035aa 5397->5399 5398->5399 5402 4035d0 5398->5402 5405 4035b6 5398->5405 5400 4035b1 5399->5400 5401 4035b8 5399->5401 5403 403198 4 API calls 5400->5403 5404 4031b8 4 API calls 5401->5404 5406 40357c 4 API calls 5402->5406 5403->5405 5404->5405 5405->5326 5406->5405 5408 4055f8 33 API calls 5407->5408 5409 405102 5408->5409 5409->5331 5411 409244 5410->5411 5414 4090fc 5411->5414 5415 403198 4 API calls 5414->5415 5425 40912d 5415->5425 5416 409158 5417 4031b8 4 API calls 5416->5417 5418 4091e5 5417->5418 5418->5335 5419 409144 5426 4032c4 5419->5426 5421 403278 18 API calls 5421->5425 5423 4032fc 18 API calls 5423->5416 5424 4032fc 18 API calls 5424->5425 5425->5416 5425->5419 5425->5421 5425->5424 5429 403278 5426->5429 5427 403254 18 API calls 5428 403288 5427->5428 5430 403198 4 API calls 5428->5430 5429->5427 5431 4032a0 5430->5431 5431->5423 5433 4034fd 5432->5433 5440 40352d 5432->5440 5434 403526 5433->5434 5436 403509 5433->5436 5437 403254 18 API calls 5434->5437 5435 403198 4 API calls 5438 403517 5435->5438 5441 4025c4 5436->5441 5437->5440 5438->5352 5440->5435 5442 4025ca 
5441->5442 5443 4025dc 5442->5443 5444 403154 4 API calls 5442->5444 5443->5438 5443->5443 5444->5443 5446 406f6c 5445->5446 5447 403278 18 API calls 5446->5447 5448 406f79 5447->5448 5455 403420 5448->5455 5450 406f81 5451 4031e8 18 API calls 5450->5451 5452 406f99 5451->5452 5453 403198 4 API calls 5452->5453 5454 406fbb 5453->5454 5454->5358 5456 403426 5455->5456 5458 403437 5455->5458 5457 403254 18 API calls 5456->5457 5456->5458 5457->5458 5458->5450 5460 4033bc 5459->5460 5461 403254 18 API calls 5460->5461 5462 4033cf 5461->5462 5463 4031e8 18 API calls 5462->5463 5464 4033f7 5463->5464 5466 402bd5 RaiseException 5465->5466 5467 402be6 5465->5467 5466->5467 5467->5382 5469 40930a 5468->5469 5471 409322 5469->5471 5481 409294 5469->5481 5472 409294 18 API calls 5471->5472 5473 409346 5471->5473 5472->5473 5484 407d94 5473->5484 5475 409361 5476 409294 18 API calls 5475->5476 5477 409374 5475->5477 5476->5477 5478 409294 18 API calls 5477->5478 5479 403278 18 API calls 5477->5479 5480 4093a3 5477->5480 5478->5477 5479->5477 5480->5388 5482 405ce0 18 API calls 5481->5482 5483 4092a5 5482->5483 5483->5471 5487 407d40 5484->5487 5488 407d52 5487->5488 5489 407d63 5487->5489 5490 407d57 InterlockedExchange 5488->5490 5489->5475 5490->5489 5499 4093ec 5491->5499 5493 40944e 5494 409452 5493->5494 5495 40946e DeleteFileA GetLastError 5493->5495 5494->5392 5496 40948c 5495->5496 5505 409428 5496->5505 5500 4093f6 5499->5500 5501 4093fa 5499->5501 5500->5493 5502 409403 Wow64DisableWow64FsRedirection 5501->5502 5503 40941c SetLastError 5501->5503 5504 409417 5502->5504 5503->5504 5504->5493 5506 409437 5505->5506 5507 40942d Wow64RevertWow64FsRedirection 5505->5507 5506->5392 5507->5506 6266 402e64 6267 402e69 6266->6267 6268 402e7a RtlUnwind 6267->6268 6269 402e5e 6267->6269 6270 402e9d 6268->6270 6279 407a76 GetFileSize 6280 407aa2 6279->6280 6281 407a92 GetLastError 6279->6281 6281->6280 6282 407a9b 6281->6282 6283 407908 35 API calls 6282->6283 6283->6280 6711 
403f7d 6712 403fa2 6711->6712 6715 403f84 6711->6715 6714 403e8e 4 API calls 6712->6714 6712->6715 6713 403f8c 6714->6715 6715->6713 6716 402674 4 API calls 6715->6716 6717 403fca 6716->6717 5950 40ae7e 5951 40aea3 5950->5951 5952 407d94 InterlockedExchange 5951->5952 5953 40aecd 5952->5953 5954 40aedd 5953->5954 5955 409f88 18 API calls 5953->5955 5960 407b28 SetEndOfFile 5954->5960 5955->5954 5957 40aef9 5958 4025ac 4 API calls 5957->5958 5959 40af30 5958->5959 5961 407b38 5960->5961 5962 407b3f 5960->5962 5963 407908 35 API calls 5961->5963 5962->5957 5963->5962 6294 409e00 6295 409e22 6294->6295 6297 409e0f 6294->6297 6296 409e3e CallWindowProcA 6296->6295 6297->6295 6297->6296 6718 403d02 6719 403d12 6718->6719 6720 403ddf ExitProcess 6719->6720 6721 403db8 6719->6721 6723 403dea 6719->6723 6727 403da4 6719->6727 6728 403d8f MessageBoxA 6719->6728 6722 403cc8 4 API calls 6721->6722 6724 403dc2 6722->6724 6725 403cc8 4 API calls 6724->6725 6726 403dcc 6725->6726 6738 4019dc 6726->6738 6734 403fe4 6727->6734 6728->6721 6730 403dd1 6730->6720 6730->6723 6735 403fe8 6734->6735 6736 403f07 4 API calls 6735->6736 6737 404006 6736->6737 6739 401abb 6738->6739 6740 4019ed 6738->6740 6739->6730 6741 401a04 RtlEnterCriticalSection 6740->6741 6742 401a0e LocalFree 6740->6742 6741->6742 6743 401a41 6742->6743 6744 401a2f VirtualFree 6743->6744 6745 401a49 6743->6745 6744->6743 6746 401a70 LocalFree 6745->6746 6747 401a87 6745->6747 6746->6746 6746->6747 6748 401aa9 RtlDeleteCriticalSection 6747->6748 6749 401a9f RtlLeaveCriticalSection 6747->6749 6748->6730 6749->6748 6298 404206 6299 4041cc 6298->6299 6302 40420a 6298->6302 6300 404282 6301 403154 4 API calls 6303 404323 6301->6303 6302->6300 6302->6301 6304 402c08 6305 402c82 6304->6305 6308 402c19 6304->6308 6306 402c56 RtlUnwind 6307 403154 4 API calls 6306->6307 6307->6305 6308->6305 6308->6306 6311 402b28 6308->6311 6312 402b31 RaiseException 6311->6312 6313 402b47 6311->6313 6312->6313 6313->6306 6754 40830c 6755 
408334 VirtualFree 6754->6755 6756 408319 6755->6756 6322 403018 6323 403070 6322->6323 6324 403025 6322->6324 6325 40302a RtlUnwind 6324->6325 6326 40304e 6325->6326 6328 402f78 6326->6328 6329 402be8 6326->6329 6330 402bf1 RaiseException 6329->6330 6331 402c04 6329->6331 6330->6331 6331->6323 6332 409220 6333 409244 6332->6333 6334 4090fc 18 API calls 6333->6334 6335 40924d 6334->6335 6767 405f24 6768 405f34 6767->6768 6769 405f2c 6767->6769 6770 405f32 6769->6770 6771 405f3b 6769->6771 6774 405e9c 6770->6774 6772 405d90 19 API calls 6771->6772 6772->6768 6775 405ea4 6774->6775 6776 405ebe 6775->6776 6777 403154 4 API calls 6775->6777 6778 405ec3 6776->6778 6779 405eda 6776->6779 6777->6775 6781 405d90 19 API calls 6778->6781 6780 403154 4 API calls 6779->6780 6783 405edf 6780->6783 6782 405ed6 6781->6782 6785 403154 4 API calls 6782->6785 6784 405e00 33 API calls 6783->6784 6784->6782 6786 405f08 6785->6786 6787 403154 4 API calls 6786->6787 6788 405f16 6787->6788 6788->6768 6336 403a28 ReadFile 6337 403a46 6336->6337 6338 403a49 GetLastError 6336->6338 6339 40462b 6340 404638 SetErrorMode 6339->6340 6789 403932 6790 403924 6789->6790 6791 40374c VariantClear 6790->6791 6792 40392c 6791->6792 6793 40b137 6802 409b9c 6793->6802 6796 402f24 5 API calls 6797 40b141 6796->6797 6798 403198 4 API calls 6797->6798 6799 40b160 6798->6799 6800 403198 4 API calls 6799->6800 6801 40b168 6800->6801 6811 405afc 6802->6811 6804 409be5 6807 403198 4 API calls 6804->6807 6805 409bb7 6805->6804 6817 407688 6805->6817 6809 409bfa 6807->6809 6808 409bd5 6810 409bdd MessageBoxA 6808->6810 6809->6796 6809->6797 6810->6804 6812 403154 4 API calls 6811->6812 6813 405b01 6812->6813 6814 405b19 6813->6814 6815 403154 4 API calls 6813->6815 6814->6805 6816 405b0f 6815->6816 6816->6805 6818 405afc 4 API calls 6817->6818 6819 407697 6818->6819 6820 4076ab 6819->6820 6821 40769d 6819->6821 6824 4076bb 6820->6824 6826 4076c7 6820->6826 6822 40322c 4 API calls 6821->6822 6823 4076a9 
6822->6823 6823->6808 6828 40764c 6824->6828 6835 4032b8 6826->6835 6829 40322c 4 API calls 6828->6829 6830 40765b 6829->6830 6831 407678 6830->6831 6832 406da0 CharPrevA 6830->6832 6831->6823 6833 407667 6832->6833 6833->6831 6834 4032fc 18 API calls 6833->6834 6834->6831 6836 403278 18 API calls 6835->6836 6837 4032c2 6836->6837 6837->6823 5294 4079c4 5295 4079d0 CloseHandle 5294->5295 5296 4079d9 5294->5296 5295->5296 6351 402ccc 6354 402cfe 6351->6354 6356 402cdd 6351->6356 6352 402d88 RtlUnwind 6353 403154 4 API calls 6352->6353 6353->6354 6355 402b28 RaiseException 6357 402d7f 6355->6357 6356->6352 6356->6354 6356->6355 6357->6352 6358 406acc IsDBCSLeadByte 6359 406ae4 6358->6359 6846 403fcd 6847 403f07 4 API calls 6846->6847 6848 403fd6 6847->6848 6849 403e9c 4 API calls 6848->6849 6850 403fe2 6849->6850 5964 40accf 5965 409f88 18 API calls 5964->5965 5966 40acd4 5965->5966 5967 402f24 5 API calls 5966->5967 5968 40acd9 5967->5968 6001 409ddc 5968->6001 5970 40ad31 6006 4026c4 GetSystemTime 5970->6006 5972 40acde 5972->5970 6042 409254 5972->6042 5973 40ad36 6007 4097d0 5973->6007 5977 4031e8 18 API calls 5979 40ad4b 5977->5979 5978 40ad0d 5981 40ad15 MessageBoxA 5978->5981 6025 406d78 5979->6025 5981->5970 5983 40ad22 5981->5983 6045 405cb4 5983->6045 5987 406a88 19 API calls 5988 40ad79 5987->5988 5989 403340 18 API calls 5988->5989 5990 40ad87 5989->5990 5991 4031e8 18 API calls 5990->5991 5992 40ad97 5991->5992 5993 40795c 37 API calls 5992->5993 5994 40add6 5993->5994 5995 402594 18 API calls 5994->5995 5996 40adf6 5995->5996 5997 407ea4 19 API calls 5996->5997 5998 40ae38 5997->5998 5999 408134 35 API calls 5998->5999 6000 40ae5f 5999->6000 6049 4099dc 6001->6049 6004 409d6c 19 API calls 6005 409dfc 6004->6005 6005->5972 6006->5973 6024 4097f0 6007->6024 6010 409815 CreateDirectoryA 6011 40988d 6010->6011 6012 40981f GetLastError 6010->6012 6013 40322c 4 API calls 6011->6013 6012->6024 6014 409897 6013->6014 6017 4031b8 4 API calls 6014->6017 6015 
409254 18 API calls 6015->6024 6016 4050e4 33 API calls 6016->6024 6018 4098b1 6017->6018 6020 4031b8 4 API calls 6018->6020 6019 407700 19 API calls 6019->6024 6021 4098be 6020->6021 6021->5977 6022 409224 18 API calls 6022->6024 6023 405ce0 18 API calls 6023->6024 6024->6010 6024->6015 6024->6016 6024->6019 6024->6022 6024->6023 6105 407170 6024->6105 6128 4096c4 6024->6128 6235 406c70 6025->6235 6028 403454 18 API calls 6029 406d9a 6028->6029 6030 406b10 6029->6030 6240 406d34 6030->6240 6033 406b40 6035 403340 18 API calls 6033->6035 6034 406b4e 6036 403454 18 API calls 6034->6036 6037 406b4c 6035->6037 6038 406b61 6036->6038 6040 403198 4 API calls 6037->6040 6039 403340 18 API calls 6038->6039 6039->6037 6041 406b83 6040->6041 6041->5987 6043 409224 18 API calls 6042->6043 6044 409270 6043->6044 6044->5978 6046 405cb9 6045->6046 6047 405d90 19 API calls 6046->6047 6048 405ccb 6047->6048 6048->6048 6050 4099fb 6049->6050 6051 409a30 6050->6051 6052 409a34 6050->6052 6056 409a0f 6050->6056 6054 409a3d GetUserDefaultLangID 6051->6054 6057 409a32 6051->6057 6061 4074a0 GetModuleHandleA GetProcAddress 6052->6061 6054->6057 6056->6004 6057->6056 6058 409a6b GetACP 6057->6058 6059 409a8f 6057->6059 6058->6056 6058->6057 6059->6056 6060 409ab5 GetACP 6059->6060 6060->6056 6060->6059 6062 4074e3 6061->6062 6063 4074da 6061->6063 6064 407524 6062->6064 6065 4074ec 6062->6065 6074 403198 4 API calls 6063->6074 6067 4073e4 RegOpenKeyExA 6064->6067 6082 4073e4 6065->6082 6069 40753d 6067->6069 6068 407505 6070 40755a 6068->6070 6085 4073d8 6068->6085 6069->6070 6071 4073d8 20 API calls 6069->6071 6072 40322c 4 API calls 6070->6072 6075 407551 RegCloseKey 6071->6075 6076 407567 6072->6076 6078 40759c 6074->6078 6075->6070 6079 4032fc 18 API calls 6076->6079 6080 403198 4 API calls 6078->6080 6079->6063 6081 4075a4 6080->6081 6081->6057 6083 4073f5 RegOpenKeyExA 6082->6083 6084 4073ef 6082->6084 6083->6068 6084->6083 6088 40728c 6085->6088 6089 4072b2 RegQueryValueExA 
6088->6089 6090 4072f7 6089->6090 6096 4072d5 6089->6096 6092 403198 4 API calls 6090->6092 6091 4072ef 6093 403198 4 API calls 6091->6093 6094 4073c3 RegCloseKey 6092->6094 6093->6090 6094->6070 6095 403278 18 API calls 6095->6096 6096->6090 6096->6091 6096->6095 6097 403420 18 API calls 6096->6097 6098 40732c RegQueryValueExA 6097->6098 6098->6089 6099 407348 6098->6099 6099->6090 6100 4034f0 18 API calls 6099->6100 6101 40738a 6100->6101 6102 40739c 6101->6102 6104 403420 18 API calls 6101->6104 6103 4031e8 18 API calls 6102->6103 6103->6090 6104->6102 6147 406ea8 6105->6147 6108 4071a2 6110 406ea8 19 API calls 6108->6110 6112 4071ee 6108->6112 6111 4071b2 6110->6111 6113 4071be 6111->6113 6115 406e84 21 API calls 6111->6115 6155 406cd8 6112->6155 6113->6112 6118 406ea8 19 API calls 6113->6118 6124 4071e3 6113->6124 6115->6113 6120 4071d7 6118->6120 6119 406a88 19 API calls 6121 407203 6119->6121 6123 406e84 21 API calls 6120->6123 6120->6124 6122 40322c 4 API calls 6121->6122 6125 40720d 6122->6125 6123->6124 6124->6112 6167 407118 GetWindowsDirectoryA 6124->6167 6126 4031b8 4 API calls 6125->6126 6127 407227 6126->6127 6127->6024 6129 4096e4 6128->6129 6130 406a88 19 API calls 6129->6130 6131 4096fd 6130->6131 6132 40322c 4 API calls 6131->6132 6139 409708 6132->6139 6134 406dc8 20 API calls 6134->6139 6135 4033b4 18 API calls 6135->6139 6136 409254 18 API calls 6136->6139 6138 405ce0 18 API calls 6138->6139 6139->6134 6139->6135 6139->6136 6139->6138 6140 409784 6139->6140 6208 409650 6139->6208 6216 4094b0 6139->6216 6141 40322c 4 API calls 6140->6141 6142 40978f 6141->6142 6143 4031b8 4 API calls 6142->6143 6144 4097a9 6143->6144 6145 403198 4 API calls 6144->6145 6146 4097b1 6145->6146 6146->6024 6148 4034f0 18 API calls 6147->6148 6150 406ebb 6148->6150 6149 406ed2 GetEnvironmentVariableA 6149->6150 6151 406ede 6149->6151 6150->6149 6154 406ee5 6150->6154 6170 407268 6150->6170 6152 403198 4 API calls 6151->6152 6152->6154 6154->6108 6164 406e84 
6154->6164 6156 403414 6155->6156 6157 406cfb GetFullPathNameA 6156->6157 6158 406d07 6157->6158 6159 406d1e 6157->6159 6158->6159 6160 406d0f 6158->6160 6161 40322c 4 API calls 6159->6161 6162 403278 18 API calls 6160->6162 6163 406d1c 6161->6163 6162->6163 6163->6119 6174 406e2c 6164->6174 6168 405230 18 API calls 6167->6168 6169 407139 6168->6169 6169->6112 6171 407276 6170->6171 6172 4034f0 18 API calls 6171->6172 6173 407284 6172->6173 6173->6150 6181 406dc8 6174->6181 6176 406e4e 6177 406e56 GetFileAttributesA 6176->6177 6178 406e6b 6177->6178 6179 403198 4 API calls 6178->6179 6180 406e73 6179->6180 6180->6108 6191 406b94 6181->6191 6183 406e00 6186 406e16 6183->6186 6187 406e0b 6183->6187 6184 406dd9 6184->6183 6198 406dc0 CharPrevA 6184->6198 6199 403454 6186->6199 6188 40322c 4 API calls 6187->6188 6190 406e14 6188->6190 6190->6176 6194 406ba5 6191->6194 6192 406c09 6193 406ad0 IsDBCSLeadByte 6192->6193 6196 406c04 6192->6196 6193->6196 6194->6192 6195 406bc3 6194->6195 6195->6196 6206 406ad0 IsDBCSLeadByte 6195->6206 6196->6184 6198->6184 6200 403486 6199->6200 6201 403459 6199->6201 6202 403198 4 API calls 6200->6202 6201->6200 6203 40346d 6201->6203 6205 40347c 6202->6205 6204 403278 18 API calls 6203->6204 6204->6205 6205->6190 6207 406ae4 6206->6207 6207->6195 6209 403198 4 API calls 6208->6209 6211 409671 6209->6211 6213 40969e 6211->6213 6225 4032a8 6211->6225 6228 403494 6211->6228 6214 403198 4 API calls 6213->6214 6215 4096b3 6214->6215 6215->6139 6217 4093ec 2 API calls 6216->6217 6218 4094c6 6217->6218 6219 4094ca 6218->6219 6232 406e98 6218->6232 6219->6139 6222 4094fd 6223 409428 Wow64RevertWow64FsRedirection 6222->6223 6224 409505 6223->6224 6224->6139 6226 403278 18 API calls 6225->6226 6227 4032b5 6226->6227 6227->6211 6229 403498 6228->6229 6231 4034c3 6228->6231 6230 4034f0 18 API calls 6229->6230 6230->6231 6231->6211 6233 406e2c 21 API calls 6232->6233 6234 406ea2 GetLastError 6233->6234 6234->6222 6236 406b94 IsDBCSLeadByte 
6235->6236 6238 406c85 6236->6238 6237 406ccf 6237->6028 6238->6237 6239 406ad0 IsDBCSLeadByte 6238->6239 6239->6238 6241 406d43 6240->6241 6242 406c70 IsDBCSLeadByte 6241->6242 6245 406d4e 6242->6245 6243 406b3a 6243->6033 6243->6034 6244 406ad0 IsDBCSLeadByte 6244->6245 6245->6243 6245->6244 6360 4024d0 6361 4024e4 6360->6361 6362 4024e9 6360->6362 6365 401918 4 API calls 6361->6365 6363 402518 6362->6363 6364 40250e RtlEnterCriticalSection 6362->6364 6367 4024ed 6362->6367 6375 402300 6363->6375 6364->6363 6365->6362 6369 402525 6371 402581 6369->6371 6372 402577 RtlLeaveCriticalSection 6369->6372 6370 401fd4 14 API calls 6373 402531 6370->6373 6372->6371 6373->6369 6385 40215c 6373->6385 6376 402314 6375->6376 6377 402335 6376->6377 6379 4023b8 6376->6379 6378 402344 6377->6378 6399 401b74 6377->6399 6378->6369 6378->6370 6379->6378 6383 402455 6379->6383 6402 401d80 6379->6402 6406 401e84 6379->6406 6383->6378 6384 401d00 9 API calls 6383->6384 6384->6378 6386 40217a 6385->6386 6387 402175 6385->6387 6388 4021ab RtlEnterCriticalSection 6386->6388 6391 4021b5 6386->6391 6395 40217e 6386->6395 6389 401918 4 API calls 6387->6389 6388->6391 6389->6386 6390 4021c1 6393 4022e3 RtlLeaveCriticalSection 6390->6393 6394 4022ed 6390->6394 6391->6390 6392 402244 6391->6392 6397 402270 6391->6397 6392->6395 6396 401d80 7 API calls 6392->6396 6393->6394 6394->6369 6395->6369 6396->6395 6397->6390 6398 401d00 7 API calls 6397->6398 6398->6390 6400 40215c 9 API calls 6399->6400 6401 401b95 6400->6401 6401->6378 6403 401d89 6402->6403 6405 401d92 6402->6405 6404 401b74 9 API calls 6403->6404 6403->6405 6404->6405 6405->6379 6411 401768 6406->6411 6408 401e99 6409 401dcc 9 API calls 6408->6409 6410 401ea6 6408->6410 6409->6410 6410->6379 6412 401787 6411->6412 6413 40183b 6412->6413 6414 401494 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 6412->6414 6416 40132c LocalAlloc 6412->6416 6417 401821 6412->6417 6419 4017d6 6412->6419 6420 4017e7 6413->6420 6426 4015c4 6413->6426 
6414->6412 6416->6412 6418 40150c VirtualFree 6417->6418 6418->6420 6422 40150c 6419->6422 6420->6408 6425 40153b 6422->6425 6423 401594 6423->6420 6424 401568 VirtualFree 6424->6425 6425->6423 6425->6424 6428 40160a 6426->6428 6427 40163a 6427->6420 6428->6427 6429 401626 VirtualAlloc 6428->6429 6429->6427 6429->6428 6430 4028d2 6431 4028da 6430->6431 6433 4028ef 6431->6433 6436 403554 6431->6436 6434 4025ac 4 API calls 6433->6434 6435 4028f4 6434->6435 6437 403566 6436->6437 6439 403578 6437->6439 6440 403604 6437->6440 6439->6431 6441 40357c 6440->6441 6442 4035aa 6441->6442 6445 4035d0 6441->6445 6448 4035b6 6441->6448 6443 4035b1 6442->6443 6444 4035b8 6442->6444 6446 403198 4 API calls 6443->6446 6447 4031b8 4 API calls 6444->6447 6449 40357c 4 API calls 6445->6449 6446->6448 6447->6448 6448->6437 6449->6448 6851 4019d3 6852 4019ba 6851->6852 6853 4019c3 RtlLeaveCriticalSection 6852->6853 6854 4019cd 6852->6854 6853->6854 5508 407ae8 SetFilePointer 5509 407b1f 5508->5509 5510 407b0f GetLastError 5508->5510 5510->5509 5511 407b18 5510->5511 5512 407908 35 API calls 5511->5512 5512->5509 6866 402be9 RaiseException 6867 402c04 6866->6867 6458 40b0ef 6459 40b061 6458->6459 6460 40b08d 6459->6460 6461 409978 9 API calls 6459->6461 6462 40b0a6 6460->6462 6465 40b0a0 RemoveDirectoryA 6460->6465 6461->6460 6463 40b0ba 6462->6463 6464 40b0af DestroyWindow 6462->6464 6466 40b0e2 6463->6466 6467 40357c 4 API calls 6463->6467 6464->6463 6465->6462 6468 40b0d8 6467->6468 6469 4025ac 4 API calls 6468->6469 6469->6466 6470 402af2 6471 402afe 6470->6471 6474 402ed0 6471->6474 6475 403154 4 API calls 6474->6475 6477 402ee0 6475->6477 6476 402b03 6477->6476 6479 402b0c 6477->6479 6480 402b25 6479->6480 6481 402b15 RaiseException 6479->6481 6480->6476 6481->6480 6872 405ff2 6874 405ff4 6872->6874 6873 406030 6875 405d90 19 API calls 6873->6875 6874->6873 6876 40602a 6874->6876 6880 406047 6874->6880 6878 406043 6875->6878 6876->6873 6877 40609c 6876->6877 6879 405e00 33 API 
calls 6877->6879 6883 403198 4 API calls 6878->6883 6879->6878 6881 40512c 19 API calls 6880->6881 6882 406070 6881->6882 6884 405e00 33 API calls 6882->6884 6885 4060d6 6883->6885 6884->6878 6900 402dfa 6901 402e26 6900->6901 6902 402e0d 6900->6902 6904 402ba4 6902->6904 6905 402bc9 6904->6905 6906 402bad 6904->6906 6905->6901 6907 402bb5 RaiseException 6906->6907 6907->6905 6494 40b0fd 6503 4098e8 6494->6503 6496 40b102 6497 40b128 6496->6497 6498 40b120 MessageBoxA 6496->6498 6499 403198 4 API calls 6497->6499 6498->6497 6500 40b160 6499->6500 6501 403198 4 API calls 6500->6501 6502 40b168 6501->6502 6504 4098f4 GetCurrentProcess OpenProcessToken 6503->6504 6505 40994f ExitWindowsEx 6503->6505 6506 409906 6504->6506 6507 40990a LookupPrivilegeValueA AdjustTokenPrivileges GetLastError 6504->6507 6505->6506 6506->6496 6507->6505 6507->6506 6908 409dfe 6909 409e00 6908->6909 6910 409e22 6909->6910 6911 409e3e CallWindowProcA 6909->6911 6911->6910 6512 403a80 CloseHandle 6513 403a90 6512->6513 6514 403a91 GetLastError 6512->6514 6515 404283 6516 4042c3 6515->6516 6517 403154 4 API calls 6516->6517 6518 404323 6517->6518 6912 404185 6913 4041ff 6912->6913 6914 4041cc 6913->6914 6915 403154 4 API calls 6913->6915 6916 404323 6915->6916 6519 403e87 6520 403e4c 6519->6520 6521 403e67 6520->6521 6522 403e62 6520->6522 6523 403e7b 6520->6523 6526 403e78 6521->6526 6532 402674 6521->6532 6528 403cc8 6522->6528 6524 402674 4 API calls 6523->6524 6524->6526 6531 403cd6 6528->6531 6529 403ceb 6529->6521 6530 402674 4 API calls 6530->6529 6531->6529 6531->6530 6533 403154 4 API calls 6532->6533 6534 40267a 6533->6534 6534->6526 5286 407493 5287 407484 SetErrorMode 5286->5287 6535 403e95 6536 403e4c 6535->6536 6537 403e67 6536->6537 6538 403e62 6536->6538 6539 403e7b 6536->6539 6542 403e78 6537->6542 6543 402674 4 API calls 6537->6543 6541 403cc8 4 API calls 6538->6541 6540 402674 4 API calls 6539->6540 6540->6542 6541->6537 6543->6542 6544 403a97 6545 403aac 6544->6545 6546 
403bbc GetStdHandle 6545->6546 6547 403b0e CreateFileA 6545->6547 6555 403ab2 6545->6555 6548 403c17 GetLastError 6546->6548 6552 403bba 6546->6552 6547->6548 6549 403b2c 6547->6549 6548->6555 6550 403b3b GetFileSize 6549->6550 6549->6552 6550->6548 6553 403b4e SetFilePointer 6550->6553 6554 403be7 GetFileType 6552->6554 6552->6555 6553->6548 6558 403b6a ReadFile 6553->6558 6554->6555 6557 403c02 CloseHandle 6554->6557 6557->6555 6558->6548 6559 403b8c 6558->6559 6559->6552 6560 403b9f SetFilePointer 6559->6560 6560->6548 6561 403bb0 SetEndOfFile 6560->6561 6561->6548 6561->6552 5513 40aa98 5556 4030dc 5513->5556 5515 40aaae 5559 4042e8 5515->5559 5517 40aab3 5562 404654 GetModuleHandleA GetVersion 5517->5562 5521 40aabd 5653 406a18 5521->5653 5523 40aac2 5662 409520 GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress 5523->5662 5530 40ab05 5690 40707c 5530->5690 5534 4031e8 18 API calls 5535 40ab23 5534->5535 5704 40795c 5535->5704 5541 407d94 InterlockedExchange 5544 40ab72 5541->5544 5542 40abb0 5724 40791c 5542->5724 5544->5542 5761 409f88 5544->5761 5545 40abd6 5546 40abf1 5545->5546 5547 409f88 18 API calls 5545->5547 5728 407ea4 5546->5728 5547->5546 5549 40ac16 5738 408f84 5549->5738 5553 40ac5c 5554 408f84 35 API calls 5553->5554 5555 40ac95 5553->5555 5554->5553 5771 403094 5556->5771 5558 4030e1 GetModuleHandleA GetCommandLineA 5558->5515 5560 403154 4 API calls 5559->5560 5561 404323 5559->5561 5560->5561 5561->5517 5563 4046a5 5562->5563 5564 404685 GetProcAddress 5562->5564 5566 4046ad GetProcAddress 5563->5566 5567 4048af GetProcAddress 5563->5567 5564->5563 5565 404696 5564->5565 5565->5563 5568 4046bc 5566->5568 5569 4048c5 GetProcAddress 5567->5569 5570 4048be 5567->5570 5772 4045a0 GetSystemDirectoryA 5568->5772 5572 4048d4 SetProcessDEPPolicy 5569->5572 5573 4048d8 5569->5573 5570->5569 5572->5573 5575 403198 4 API calls 5573->5575 5577 4048ed 5575->5577 5576 4031e8 18 API calls 5578 4046d8 5576->5578 5652 404a74 6F551CD0 5577->5652 

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,004048EE,?,?,?,?,00000000,?,0040AAB8), ref: 0040466F
                                                                                                                                                                    • GetVersion.KERNEL32(kernel32.dll,00000000,004048EE,?,?,?,?,00000000,?,0040AAB8), ref: 00404676
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0040468B
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004046B3
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004048B5
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004048CB
                                                                                                                                                                    • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,kernel32.dll,00000000,004048EE,?,?,?,?,00000000,?,0040AAB8), ref: 004048D6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModulePolicyProcessVersion
                                                                                                                                                                    • String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$kernel32.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
                                                                                                                                                                    • API String ID: 3297890031-2388063882
                                                                                                                                                                    • Opcode ID: 6206738d1768993a266272c574535deacfcb651ff371490375f42cd1ba234e07
                                                                                                                                                                    • Instruction ID: 9e7baa03e94b680687c531d55c537e9110a8ac934c54f9465d7227ec1282235b
                                                                                                                                                                    • Opcode Fuzzy Hash: 6206738d1768993a266272c574535deacfcb651ff371490375f42cd1ba234e07
                                                                                                                                                                    • Instruction Fuzzy Hash: B2611070600149AFDB00FBF6DA8398E77A99F80309B2045BBA604772D6D778EF059B5D

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 0040A02A
                                                                                                                                                                    • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 0040A035
                                                                                                                                                                    • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 0040A076
                                                                                                                                                                    • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 0040A0A8
                                                                                                                                                                    • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 0040A0B8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2441996862-0
                                                                                                                                                                    • Opcode ID: 9ac3e84cebc6f461d525c38fea5a33ab6cb0156132446b09103c7350edb016b4
                                                                                                                                                                    • Instruction ID: f5309bbdda193f62b4be3c179e768a57e3f3f612c04de257546ab44ee606f1f6
                                                                                                                                                                    • Opcode Fuzzy Hash: 9ac3e84cebc6f461d525c38fea5a33ab6cb0156132446b09103c7350edb016b4
                                                                                                                                                                    • Instruction Fuzzy Hash: 142190B1240308ABD6309E69CC85F5777D8DF85354F08493AFAC5E33C2D63DE860866A
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040D4C0,00000001,?,00405727,?,00000000,00405806), ref: 0040567A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                    • Opcode ID: 7459d56e7c64c485d498697c6eb088ce7aaa21e11ea95b6c07db09bb75ef8263
                                                                                                                                                                    • Instruction ID: d14b50eaf9df709ed1cf3d56deeb77a2084f63d122e7671578114c6bad5e918b
                                                                                                                                                                    • Opcode Fuzzy Hash: 7459d56e7c64c485d498697c6eb088ce7aaa21e11ea95b6c07db09bb75ef8263
                                                                                                                                                                    • Instruction Fuzzy Hash: 68E0D87170021427D711A9699C86EFB735CDB58314F4006BFB909E73C6EDB59E8046ED

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004095DE,?,?,?,?,00000000,00000000,?,0040AACC), ref: 00409542
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00409548
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004095DE,?,?,?,?,00000000,00000000,?,0040AACC), ref: 0040955C
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00409562
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                                                                    • API String ID: 1646373207-2130885113
                                                                                                                                                                    • Opcode ID: 9711803e7e97600f978dac47126909fe1692835b2a3da83a2610dda9fb37f9b7
                                                                                                                                                                    • Instruction ID: 3d1781b746021e9606986d5b6d55f7cbde73f6a932e0ba52378b2443c6d91f24
                                                                                                                                                                    • Opcode Fuzzy Hash: 9711803e7e97600f978dac47126909fe1692835b2a3da83a2610dda9fb37f9b7
                                                                                                                                                                    • Instruction Fuzzy Hash: 79115470908244BEDB01FBA2CD43B5A7B68D784744F204477F501762D3DA7D5E08DA2D

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00409AE8: GetLastError.KERNEL32(00000000,00409B8B), ref: 00409B0C
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AF9E
                                                                                                                                                                    • SetWindowLongA.USER32(00010432,000000FC,Function_00009E00), ref: 0040AFB5
                                                                                                                                                                      • Part of subcall function 00406FCC: GetCommandLineA.KERNEL32(00000000,00407010,?,?,?,?,00000000), ref: 00406FE4
                                                                                                                                                                      • Part of subcall function 00409E8C: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78,00000000,00409F5F), ref: 00409EFC
                                                                                                                                                                      • Part of subcall function 00409E8C: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78,00000000), ref: 00409F10
                                                                                                                                                                      • Part of subcall function 00409E8C: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409F29
                                                                                                                                                                      • Part of subcall function 00409E8C: GetExitCodeProcess.KERNEL32(?), ref: 00409F3B
                                                                                                                                                                      • Part of subcall function 00409E8C: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78), ref: 00409F44
                                                                                                                                                                    • RemoveDirectoryA.KERNEL32(00000000,0040B0F4,Function_00009E00,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040B0A1
                                                                                                                                                                    • DestroyWindow.USER32(00010432,0040B0F4,Function_00009E00,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040B0B5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryErrorExitLastLineLongMultipleObjectsRemoveWait
                                                                                                                                                                    • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                                                                                    • API String ID: 849423697-3001827809

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AF9E
                                                                                                                                                                    • SetWindowLongA.USER32(00010432,000000FC,Function_00009E00), ref: 0040AFB5
                                                                                                                                                                      • Part of subcall function 00406FCC: GetCommandLineA.KERNEL32(00000000,00407010,?,?,?,?,00000000), ref: 00406FE4
                                                                                                                                                                      • Part of subcall function 00409E8C: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78,00000000,00409F5F), ref: 00409EFC
                                                                                                                                                                      • Part of subcall function 00409E8C: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78,00000000), ref: 00409F10
                                                                                                                                                                      • Part of subcall function 00409E8C: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409F29
                                                                                                                                                                      • Part of subcall function 00409E8C: GetExitCodeProcess.KERNEL32(?), ref: 00409F3B
                                                                                                                                                                      • Part of subcall function 00409E8C: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78), ref: 00409F44
                                                                                                                                                                    • RemoveDirectoryA.KERNEL32(00000000,0040B0F4,Function_00009E00,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040B0A1
                                                                                                                                                                    • DestroyWindow.USER32(00010432,0040B0F4,Function_00009E00,00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040B0B5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                                                                                    • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                                                                                    • API String ID: 3586484885-3001827809

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78,00000000,00409F5F), ref: 00409EFC
                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78,00000000), ref: 00409F10
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409F29
                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?), ref: 00409F3B
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409F84,?,00409F78), ref: 00409F44
                                                                                                                                                                      • Part of subcall function 00409AE8: GetLastError.KERNEL32(00000000,00409B8B), ref: 00409B0C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                                                                                    • String ID: D
                                                                                                                                                                    • API String ID: 3356880605-2746444292

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040AD18
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message
                                                                                                                                                                    • String ID: .tmp$@z@$d~@
                                                                                                                                                                    • API String ID: 2030045667-2080866987

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040AD18
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message
                                                                                                                                                                    • String ID: .tmp$@z@$d~@
                                                                                                                                                                    • API String ID: 2030045667-2080866987

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    control_flow_graph 326 401918-40193a RtlInitializeCriticalSection 327 401946-40197c call 4012dc * 3 LocalAlloc 326->327 328 40193c-401941 RtlEnterCriticalSection 326->328 335 4019ad-4019c1 327->335 336 40197e 327->336 328->327 340 4019c3-4019c8 RtlLeaveCriticalSection 335->340 341 4019cd 335->341 337 401983-401995 336->337 337->337 339 401997-4019a6 337->339 339->335 340->341
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlInitializeCriticalSection.KERNEL32(0040D41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                                                                                    • RtlEnterCriticalSection.KERNEL32(0040D41C,0040D41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                                                                                    • LocalAlloc.KERNEL32(00000000,00000FF8,0040D41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                                                                                    • RtlLeaveCriticalSection.KERNEL32(0040D41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 730355536-0

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,004098BF,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409816
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,004098BF,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040981F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                    • String ID: .tmp
                                                                                                                                                                    • API String ID: 1375471231-2986845003
                                                                                                                                                                    • Opcode ID: bcfdd319b68c6234bb3b3c2b6e0791bb6992f3f2d01426f3b13c32e67b0b1ca6
                                                                                                                                                                    • Instruction ID: 48b9f2fdce89366346d31e95a36bae064327856a755920fc8e2ea7d65379a348
                                                                                                                                                                    • Opcode Fuzzy Hash: bcfdd319b68c6234bb3b3c2b6e0791bb6992f3f2d01426f3b13c32e67b0b1ca6
                                                                                                                                                                    • Instruction Fuzzy Hash: 23211575A10208ABDB05FFE5C8529DFB7B9EB48304F10457BE901B73C2DA789E05CAA5

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    control_flow_graph 437 401fd4-401fe6 438 401fe8 call 401918 437->438 439 401ffb-402010 437->439 443 401fed-401fef 438->443 441 402012-402017 RtlEnterCriticalSection 439->441 442 40201c-402025 439->442 441->442 444 402027 442->444 445 40202c-402032 442->445 443->439 446 401ff1-401ff6 443->446 444->445 447 402038-40203c 445->447 448 4020cb-4020d1 445->448 449 40214f-402158 446->449 452 402041-402050 447->452 453 40203e 447->453 450 4020d3-4020e0 448->450 451 40211d-40211f call 401ee0 448->451 455 4020e2-4020ea 450->455 456 4020ef-40211b call 402f54 450->456 460 402124-40213b 451->460 452->448 457 402052-402060 452->457 453->452 455->456 456->449 458 402062-402066 457->458 459 40207c-402080 457->459 462 402068 458->462 463 40206b-40207a 458->463 465 402082 459->465 466 402085-4020a0 459->466 469 402147 460->469 470 40213d-402142 RtlLeaveCriticalSection 460->470 462->463 468 4020a2-4020c6 call 402f54 463->468 465->466 466->468 468->449 470->469
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlEnterCriticalSection.KERNEL32(0040D41C,00000000,00402148), ref: 00402017
                                                                                                                                                                      • Part of subcall function 00401918: RtlInitializeCriticalSection.KERNEL32(0040D41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                                                                                      • Part of subcall function 00401918: RtlEnterCriticalSection.KERNEL32(0040D41C,0040D41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                                                                                      • Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040D41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                                                                                      • Part of subcall function 00401918: RtlLeaveCriticalSection.KERNEL32(0040D41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 296031713-0
                                                                                                                                                                    • Opcode ID: f63e8093b7c21695f3c5f0f727b66ad92d47f8bd02e6a7dbcfb51ec74dbfdd03
                                                                                                                                                                    • Instruction ID: 72c497f3d878e3d6a4a9583ee00a9bb41c235ef620702b970aaba137d6b92855
                                                                                                                                                                    • Opcode Fuzzy Hash: f63e8093b7c21695f3c5f0f727b66ad92d47f8bd02e6a7dbcfb51ec74dbfdd03
                                                                                                                                                                    • Instruction Fuzzy Hash: 2341C2B2E007019FD710CFA9DE8561A7BA0EB58314B15817BD549B73E1D378A849CB48

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    control_flow_graph 473 40741c-40746f SetErrorMode call 403414 LoadLibraryA
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(00008000), ref: 00407426
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000,00407470,?,00000000,0040748E,?,00008000), ref: 00407455
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLibraryLoadMode
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2987862817-0
                                                                                                                                                                    • Opcode ID: 7c3291ca482dc4e73124ef6673235b1c1e4da24983ec1cf579c69c8d77eb9c24
                                                                                                                                                                    • Instruction ID: f52ba4a9feec5d4d4615fe406f45eaba014741ff6d770d8a308f032ff20cb8dd
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c3291ca482dc4e73124ef6673235b1c1e4da24983ec1cf579c69c8d77eb9c24
                                                                                                                                                                    • Instruction Fuzzy Hash: 26F08270A14708BEDB025FB68C5282ABAECE749B1475288B6F900A2AD2E53C5820C569

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    control_flow_graph 483 407ae8-407b0d SetFilePointer 484 407b1f-407b24 483->484 485 407b0f-407b16 GetLastError 483->485 485->484 486 407b18-407b1a call 407908 485->486 486->484
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 00407B07
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000), ref: 00407B0F
                                                                                                                                                                      • Part of subcall function 00407908: GetLastError.KERNEL32(@z@,004079A6,?,?,020803AC,?,0040AB3B,00000001,00000000,00000002,00000000,0040B132,?,00000000,0040B169), ref: 0040790B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$FilePointer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1156039329-0
                                                                                                                                                                    • Opcode ID: 1efacffe01c84972d5e79d9e95937cadebc248d177395cf3b78af7fa5ea4bab0
                                                                                                                                                                    • Instruction ID: 2b235249b0a7ee07bcb8c1d8603e448d3cb6330bb11491e7c51f1e2a1a123f33
                                                                                                                                                                    • Opcode Fuzzy Hash: 1efacffe01c84972d5e79d9e95937cadebc248d177395cf3b78af7fa5ea4bab0
                                                                                                                                                                    • Instruction Fuzzy Hash: 13E092767081005FD610E55DC881A9B33DCDFC53A8F004537B654EB1D1D675B8008366

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    control_flow_graph 477 407aa8-407ac6 ReadFile 478 407ac8-407acc 477->478 479 407adf-407ae6 477->479 480 407ad8-407ada call 407908 478->480 481 407ace-407ad6 GetLastError 478->481 480->479 481->479 481->480
                                                                                                                                                                    APIs
                                                                                                                                                                    • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407ABF
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407ACE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastRead
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1948546556-0
                                                                                                                                                                    • Opcode ID: 62bc4757170e124d293d2e1ae2527044cf5abdc53c736f625f33b9d4ecf98daf
                                                                                                                                                                    • Instruction ID: e15dfe76c2c2153dd18fa5b66318eead10a3336b01bc7908bb5745e2d55223c8
                                                                                                                                                                    • Opcode Fuzzy Hash: 62bc4757170e124d293d2e1ae2527044cf5abdc53c736f625f33b9d4ecf98daf
                                                                                                                                                                    • Instruction Fuzzy Hash: DAE092A17181106EEB20A65E9884F6B67DCCBC9314F04817BF508EB282D6B8DC008777
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 00407A57
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000001), ref: 00407A63
                                                                                                                                                                      • Part of subcall function 00407908: GetLastError.KERNEL32(@z@,004079A6,?,?,020803AC,?,0040AB3B,00000001,00000000,00000002,00000000,0040B132,?,00000000,0040B169), ref: 0040790B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$FilePointer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1156039329-0
                                                                                                                                                                    • Opcode ID: 0f363b337b605630cba33b2c75e34e58c088fa0b570b5e63e1fb747f55acf4b7
                                                                                                                                                                    • Instruction ID: b2e9c79a061d94bc6c1ac4e6a69a759f2ef78579472dc31f5d333ffaff30462c
                                                                                                                                                                    • Opcode Fuzzy Hash: 0f363b337b605630cba33b2c75e34e58c088fa0b570b5e63e1fb747f55acf4b7
                                                                                                                                                                    • Instruction Fuzzy Hash: C7E01AB1A002109EEB20EBB58981B5662D89B44364B048576A654DB2C6D274E800CB66
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Virtual$AllocFree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2087232378-0
                                                                                                                                                                    • Opcode ID: 316f7b9c70f66dec2db539bfa6b5d1d13d5c84c791c458a80c61312b1b31133c
                                                                                                                                                                    • Instruction ID: 66c3474f10fe082fedccbde799efe3bb5b58ff080b56d2e089ed954f0af67306
                                                                                                                                                                    • Opcode Fuzzy Hash: 316f7b9c70f66dec2db539bfa6b5d1d13d5c84c791c458a80c61312b1b31133c
                                                                                                                                                                    • Instruction Fuzzy Hash: DAF02772B0032017DB2069AA0CC1B536AC59F85B90F1540BBFA4CFF3F9D2B98C0442A9
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemDefaultLCID.KERNEL32(00000000,00405806), ref: 004056EF
                                                                                                                                                                      • Part of subcall function 0040512C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00405149
                                                                                                                                                                      • Part of subcall function 0040565C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040D4C0,00000001,?,00405727,?,00000000,00405806), ref: 0040567A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1658689577-0
                                                                                                                                                                    • Opcode ID: cc3e47e390c1b33211b3d9873ad613d49b391b3cefde462b73c2cd7d0ab13d86
                                                                                                                                                                    • Instruction ID: 82c784cd7830e1ca4cd44457dad2f2fa429cf4e25a926eea24d274db27b93b1b
                                                                                                                                                                    • Opcode Fuzzy Hash: cc3e47e390c1b33211b3d9873ad613d49b391b3cefde462b73c2cd7d0ab13d86
                                                                                                                                                                    • Instruction Fuzzy Hash: C1316F75E00509ABCB00EF95CC819EEB379FF84304F508577E819BB285E739AE058B98
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00407A34
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                    • Opcode ID: 5bc26aafbd8d3cc7e99f1b4789c5f450247a7b7967715b9db18694e2d0d8c5c5
                                                                                                                                                                    • Instruction ID: 042ae40820150c0b4851109f40d588701a9899a67d40570aa5757512981d293a
                                                                                                                                                                    • Opcode Fuzzy Hash: 5bc26aafbd8d3cc7e99f1b4789c5f450247a7b7967715b9db18694e2d0d8c5c5
                                                                                                                                                                    • Instruction Fuzzy Hash: 6FE0ED753442586EE340DAED6D81FA677DC974A714F008132B998DB382D4719D118BA8
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00407A34
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                    • Opcode ID: b99464c5deed90c436ccb8039285842caa459c4cfee6896295820f2cd2136feb
                                                                                                                                                                    • Instruction ID: 8ced2eed2e357b00b36525f681a949bcf9e14530d7ff6951507f50c56b932d1f
                                                                                                                                                                    • Opcode Fuzzy Hash: b99464c5deed90c436ccb8039285842caa459c4cfee6896295820f2cd2136feb
                                                                                                                                                                    • Instruction Fuzzy Hash: 95E0ED753442586EE240DAED6D81F96779C974A714F008122B998DB382D4719D118BA8
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,00406E74,?,?,?,?,00000000,?,00406E89,004071E3,00000000,00407228,?,?,?), ref: 00406E57
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                    • Opcode ID: 8e258e6088ff2729972a65b025d9916a43b1951ab399dc39633550a2ec6328db
                                                                                                                                                                    • Instruction ID: 5d103c24ca312c86e291a35865c809fd23e08ae6a8f6832d02acb9ca341f4446
                                                                                                                                                                    • Opcode Fuzzy Hash: 8e258e6088ff2729972a65b025d9916a43b1951ab399dc39633550a2ec6328db
                                                                                                                                                                    • Instruction Fuzzy Hash: ADE0E530300308BBD301EE72DC42D0ABBACDB89704B920476B400A26C2D5785E108068
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00407B5B
                                                                                                                                                                      • Part of subcall function 00407908: GetLastError.KERNEL32(@z@,004079A6,?,?,020803AC,?,0040AB3B,00000001,00000000,00000002,00000000,0040B132,?,00000000,0040B169), ref: 0040790B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                                    • Opcode ID: 006c08a2f5d9871c0a1980147acda0c26795bf6e192fd3a261290223f417e960
                                                                                                                                                                    • Instruction ID: 30ae2be02b9f15b9cba2c15a2490e5271afae9e105f225727eb8a6e5b17a7771
                                                                                                                                                                    • Opcode Fuzzy Hash: 006c08a2f5d9871c0a1980147acda0c26795bf6e192fd3a261290223f417e960
                                                                                                                                                                    • Instruction Fuzzy Hash: 3FE06D727081106BD710A65A98C0E5777ECCF85764F00403BB608DB281C574AC01867A
                                                                                                                                                                    APIs
                                                                                                                                                                    • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004095C3,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0040771F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FormatMessage
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1306739567-0
                                                                                                                                                                    • Opcode ID: b9ec76e9ce0cf7c9b11fbb0d22c3d5372d7ad8be8fd57ca1cb8678c9dba0653c
                                                                                                                                                                    • Instruction ID: cd8e50964804133df0be52219a4bf40107040f8cbf32d452899ff663d46cfc84
                                                                                                                                                                    • Opcode Fuzzy Hash: b9ec76e9ce0cf7c9b11fbb0d22c3d5372d7ad8be8fd57ca1cb8678c9dba0653c
                                                                                                                                                                    • Instruction Fuzzy Hash: 7CE04FB1B8830126F62519545C87F7B164E47C0B84F64403B7B50EE3D2DABEB94B429F
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetEndOfFile.KERNEL32(?,02097FF4,0040AEF9,00000000), ref: 00407B2F
                                                                                                                                                                      • Part of subcall function 00407908: GetLastError.KERNEL32(@z@,004079A6,?,?,020803AC,?,0040AB3B,00000001,00000000,00000002,00000000,0040B132,?,00000000,0040B169), ref: 0040790B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 734332943-0
                                                                                                                                                                    • Opcode ID: 879c3aef20c26933657ab209da42f9acde188edf801b45e7798529f352953bc6
                                                                                                                                                                    • Instruction ID: c094c2b5ec81b014f7647aed55f46f5be6f6c9eff784118cc89584b894c57cec
                                                                                                                                                                    • Opcode Fuzzy Hash: 879c3aef20c26933657ab209da42f9acde188edf801b45e7798529f352953bc6
                                                                                                                                                                    • Instruction Fuzzy Hash: AFC04CB1B141045BDB00A6AA85C2A1672DC5A482083404076B504DB247D678F8504755
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(?,00407495), ref: 00407488
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(?,00407495), ref: 00407488
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CharPrevA.USER32(?,?,00406DBC,?,00406A99,?,?,0040959C,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004095DE), ref: 00406DC2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CharPrev
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 122130370-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0040841C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?,00408319), ref: 0040834B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 004098F7
                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004098FD
                                                                                                                                                                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409916
                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 0040993D
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 00409942
                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00409953
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                    • API String ID: 107509674-3733053543
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 0040A0DE
                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000,?,0040AB53,00000000,0040B0EA,?,00000001,00000000,00000002,00000000,0040B132,?,00000000,0040B169), ref: 0040A0F1
                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,0040AB53,00000000,0040B0EA,?,00000001,00000000,00000002,00000000,0040B132,?,00000000), ref: 0040A103
                                                                                                                                                                    • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0040AB53,00000000,0040B0EA,?,00000001,00000000,00000002,00000000,0040B132), ref: 0040A114
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3473537107-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004058AA,?,?,?,00000000,00405A5C), ref: 004056BB
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemTime.KERNEL32(?), ref: 004026CE
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: SystemTime
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2656138-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,004075A5,?,00000000,00409DB8), ref: 004074C9
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004074CF
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004075A5,?,00000000,00409DB8), ref: 0040751D
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                                                                                    • API String ID: 4190037839-2401316094
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                                                                                                                                    • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                                                                                                                                    • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                                                                                                                                    • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                                                                                                                                    • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1694776339-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemDefaultLCID.KERNEL32(00000000,00405A5C,?,?,?,?,00000000,00000000,00000000,?,00406A3B,00000000,00406A4E), ref: 0040582E
                                                                                                                                                                      • Part of subcall function 0040565C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040D4C0,00000001,?,00405727,?,00000000,00405806), ref: 0040567A
                                                                                                                                                                      • Part of subcall function 004056A8: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004058AA,?,?,?,00000000,00405A5C), ref: 004056BB
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoLocale$DefaultSystem
                                                                                                                                                                    • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                                                                                    • API String ID: 1044490935-665933166
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlEnterCriticalSection.KERNEL32(0040D41C,00000000,00401AB4), ref: 00401A09
                                                                                                                                                                    • LocalFree.KERNEL32(00593E90,00000000,00401AB4), ref: 00401A1B
                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,00593E90,00000000,00401AB4), ref: 00401A3A
                                                                                                                                                                    • LocalFree.KERNEL32(00594E90,?,00000000,00008000,00593E90,00000000,00401AB4), ref: 00401A79
                                                                                                                                                                    • RtlLeaveCriticalSection.KERNEL32(0040D41C,00401ABB), ref: 00401AA4
                                                                                                                                                                    • RtlDeleteCriticalSection.KERNEL32(0040D41C,00401ABB), ref: 00401AAE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3782394904-0
                                                                                                                                                                    • Opcode ID: 11cd0e1b4d10db7b8e02ae656c4499af271f9fd0eb7f0a46b5c3575f739066d3
                                                                                                                                                                    • Instruction ID: 2a1e8c518b16d72ac75c21d19d034316e64e92064156904d4596c6339aa50fda
                                                                                                                                                                    • Opcode Fuzzy Hash: 11cd0e1b4d10db7b8e02ae656c4499af271f9fd0eb7f0a46b5c3575f739066d3
                                                                                                                                                                    • Instruction Fuzzy Hash: 65114274B422805ADB11EBE99EC6F5276689785708F44407FF448B62F2C67CA848CB6D
                                                                                                                                                                    APIs
                                                                                                                                                                    • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403DE5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExitMessageProcess
                                                                                                                                                                    • String ID: Error$Runtime error at 00000000$9@
                                                                                                                                                                    • API String ID: 1220098344-1503883590
                                                                                                                                                                    • Opcode ID: 06c1af3a807ed13e53e556f1551eab319716f56e5b0a099a7904d38b73613604
                                                                                                                                                                    • Instruction ID: 19c161ad1fd1f445befe0ff666437f64548d8e35ccd3b0abec794ae5707e41c3
                                                                                                                                                                    • Opcode Fuzzy Hash: 06c1af3a807ed13e53e556f1551eab319716f56e5b0a099a7904d38b73613604
                                                                                                                                                                    • Instruction Fuzzy Hash: 0421C834E152418AE714EFE59A817153E989B5930DF04817BD504B73E3C67C9A4EC36E
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 262959230-0
                                                                                                                                                                    • Opcode ID: a67f2483392f3a9295a6f421ec51b00ba0520a603cf3575c2b5e933881db78c1
                                                                                                                                                                    • Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
                                                                                                                                                                    • Opcode Fuzzy Hash: a67f2483392f3a9295a6f421ec51b00ba0520a603cf3575c2b5e933881db78c1
                                                                                                                                                                    • Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
                                                                                                                                                                    APIs
                                                                                                                                                                    • MessageBoxA.USER32(00000000,00000000,Setup,00000010), ref: 0040A15D
                                                                                                                                                                    Strings
                                                                                                                                                                    • Setup, xrefs: 0040A14D
                                                                                                                                                                    • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si, xrefs: 0040A141
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message
                                                                                                                                                                    • String ID: Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si
                                                                                                                                                                    • API String ID: 2030045667-3271211647
                                                                                                                                                                    • Opcode ID: ff94df1eb2564fec58b9a221cc3fe3b9cf965a2b136f430670f36a0b3f2e2132
                                                                                                                                                                    • Instruction ID: 9b5d989b58a55d658cadae164e54e3781760331d38193a884cd145b826483737
                                                                                                                                                                    • Opcode Fuzzy Hash: ff94df1eb2564fec58b9a221cc3fe3b9cf965a2b136f430670f36a0b3f2e2132
                                                                                                                                                                    • Instruction Fuzzy Hash: 87E065302443087EE312EA629C13F5E7BACE789B54F614477F500B55C1D6795E10D46D
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,0040AAAE), ref: 004030E3
                                                                                                                                                                    • GetCommandLineA.KERNEL32(00000000,0040AAAE), ref: 004030EE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CommandHandleLineModule
                                                                                                                                                                    • String ID: U1hd.@
                                                                                                                                                                    • API String ID: 2123368496-2904493091
                                                                                                                                                                    • Opcode ID: 4ac654993ecb6f0c10b1cacd39e13426f3fb1ace3b4aa0046ecf3c9b516135ec
                                                                                                                                                                    • Instruction ID: daea45a2aa12e23edc1a75ca5ccfa9dec32d0aab9986280789c112b27ba3568a
                                                                                                                                                                    • Opcode Fuzzy Hash: 4ac654993ecb6f0c10b1cacd39e13426f3fb1ace3b4aa0046ecf3c9b516135ec
                                                                                                                                                                    • Instruction Fuzzy Hash: 3AC0027894134055D764AFF69E497047594A74930DF40443FA20C7A1F1D67C460A6BDD
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2998410845.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.2998364534.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998554505.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.2998601236.0000000000412000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastSleep
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1458359878-0
                                                                                                                                                                    • Opcode ID: 1c248293a53693e5016b31d34f136ae5d975e0b827204b722e02cf7f87de802c
                                                                                                                                                                    • Instruction ID: 55ccdd2d2ee1bdbcd31af2ea42c7aee1c1b219f05c386506858fe4dd166fe014
                                                                                                                                                                    • Opcode Fuzzy Hash: 1c248293a53693e5016b31d34f136ae5d975e0b827204b722e02cf7f87de802c
                                                                                                                                                                    • Instruction Fuzzy Hash: 6AF090B2A0511856CA25A6AE9881B6FB28CEAC0368714413FFA44F7383D43DDC0152BA

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:14.5%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                    Signature Coverage:8.2%
                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                    Total number of Limit Nodes:53
50588->50589 50589->50283 50590->50241 50591->50300 50592->50303 50593->50241 50594->50301 50595->50311 50596->50241 50597->50241 50598->50319 50599->50322 50600->50241 50601->50320 50602->50330 50603->50241 50604->50241 50606 452e68 2 API calls 50605->50606 50607 4565f0 50606->50607 50608 4565f4 50607->50608 50609 4565fd 50607->50609 50613 403420 4 API calls 50608->50613 50610 456641 50609->50610 50611 45660f 50609->50611 50614 42cc54 19 API calls 50610->50614 51170 42cc54 50611->51170 50616 4566e6 50613->50616 50617 45665b 50614->50617 50616->50338 51179 42cd1c 50617->51179 50618 42c84c 19 API calls 50620 45662b 50618->50620 50623 456633 GetDiskFreeSpaceExA 50620->50623 50622 42c84c 19 API calls 50624 456671 50622->50624 50625 4566af 50623->50625 50627 452ea4 Wow64RevertWow64FsRedirection 50625->50627 50630->50367 50631->50374 50632->50241 50633->50241 50635 455d69 50634->50635 50637 455d57 50634->50637 50636 403400 4 API calls 50635->50636 50636->50637 50637->50339 50638->50241 50639->50353 50640->50241 50641->50241 50642->50358 50670->50384 50671->50241 50672->50380 50677 455545 50676->50677 50677->50677 50678 4555f4 50677->50678 50679 42dd14 19 API calls 50677->50679 50680 42cc54 19 API calls 50678->50680 50697 45566d 50678->50697 50681 455595 50679->50681 50682 455612 50680->50682 50684 42c84c 19 API calls 50681->50684 50694 455632 50682->50694 51258 45429c 50682->51258 50683 403420 4 API calls 50685 4556a7 50683->50685 50686 4555a6 50684->50686 50688 403400 4 API calls 50685->50688 50689 40357c 18 API calls 50686->50689 50691 4556af 50688->50691 50692 4555b6 50689->50692 50702 447570 19 API calls 50691->50702 50696 40352c 18 API calls 50692->50696 50695 45564f MultiByteToWideChar 50694->50695 50695->50697 50698 4555ce 50696->50698 50697->50683 51255 42e7e4 SetErrorMode 50698->51255 50702->50241 50704 455eb1 50703->50704 50705 455ecc 50704->50705 50706 455f5b 50704->50706 51283 42e26c 50705->51283 50708 42dce8 19 API calls 50706->50708 50709 455f66 
50708->50709 50711 42c84c 19 API calls 50709->50711 50710 455ee5 50716 456001 50710->50716 51286 42e1a8 50710->51286 50712 455f77 50711->50712 50714 4035c0 18 API calls 50712->50714 50715 455f8a 50714->50715 51289 42d174 50715->51289 50720 403420 4 API calls 50716->50720 50723 45603d 50720->50723 50727 403420 4 API calls 50723->50727 50729 45604a 50727->50729 50729->50417 50736->50444 50737->50241 50739->50269 50740->50241 50741->50485 50742->50241 50745 403426 50743->50745 50744 40344b 50747 403400 50744->50747 50745->50744 50746 402660 4 API calls 50745->50746 50746->50745 50748 403406 50747->50748 50749 40341f 50747->50749 50748->50749 50750 402660 4 API calls 50748->50750 50750->50749 50752 436524 50751->50752 50753 436546 50751->50753 50752->50753 50773 40905c 50752->50773 50754 4365c9 50753->50754 50756 4365b1 50753->50756 50757 4365a5 50753->50757 50758 436599 50753->50758 50759 43658d 50753->50759 50760 4365bd 50753->50760 50761 40905c 18 API calls 50754->50761 50786 403494 50756->50786 50780 40352c 50757->50780 50762 403510 18 API calls 50758->50762 50777 403510 50759->50777 50790 4040e8 32 API calls 50760->50790 50767 4365da 50761->50767 50768 4365a2 50762->50768 50767->50490 50768->50490 50771 4365c6 50771->50490 50774 409063 50773->50774 50791 403450 50774->50791 50878 4034e0 50777->50878 50781 4034e0 50780->50781 50782 4034bc 18 API calls 50781->50782 50783 4034f0 50782->50783 50784 403400 4 API calls 50783->50784 50785 403508 50784->50785 50785->50490 50788 403498 50786->50788 50787 4034ba 50787->50490 50788->50787 50789 402660 4 API calls 50788->50789 50789->50787 50790->50771 50792 403454 50791->50792 50793 403464 50791->50793 50792->50793 50797 4034bc 50792->50797 50794 403490 50793->50794 50802 402660 50793->50802 50794->50753 50798 4034c0 50797->50798 50799 4034dc 50797->50799 50806 402648 50798->50806 50799->50793 50801 4034c9 50801->50793 50803 402664 50802->50803 50804 40266e 50802->50804 50803->50804 50805 4033bc 4 API calls 50803->50805 
50804->50794 50804->50804 50805->50804 50807 40264c 50806->50807 50809 402656 50806->50809 50812 402088 50807->50812 50809->50801 50809->50809 50879 4034bc 18 API calls 50878->50879 50880 4034f0 50879->50880 50881 403400 4 API calls 50880->50881 50882 403508 50881->50882 50882->50490 50884 42ceb2 50883->50884 50885 42ce60 GetSystemMetrics 50883->50885 50898 406f98 19 API calls 50884->50898 50885->50884 50887 42ce6b 50885->50887 50888 403494 4 API calls 50887->50888 50892 42ca7e 50898->50892 50984 435f20 50983->50984 50986 435efe 50983->50986 50985 43600a 50984->50985 50989 435fb0 50984->50989 51001 435f77 50984->51001 50987 40905c 18 API calls 50985->50987 50986->50984 50988 40905c 18 API calls 50986->50988 50987->51001 50988->50984 50992 435fff 50989->50992 50993 435fbe 50989->50993 50990 403400 4 API calls 50991 436035 50990->50991 50991->50459 51004 403f90 32 API calls 50992->51004 51002 40483c 32 API calls 50993->51002 50996 435fc8 50997 435fd3 50996->50997 50998 435fe7 50996->50998 51001->50990 51002->50996 51004->51001 51079 403400 4 API calls 51078->51079 51081 453ec5 51079->51081 51080 403510 18 API calls 51080->51081 51081->51080 51083 453ef2 51081->51083 51107 403800 51081->51107 51084 403400 4 API calls 51083->51084 51085 453f07 51084->51085 51085->50573 51121 452e68 51086->51121 51088 45314a 51089 45314e 51088->51089 51127 42d1ac 51088->51127 51089->50573 51095 42cacc IsDBCSLeadByte 51094->51095 51098 42d021 51095->51098 51096 42d048 51099 42d053 51096->51099 51100 42d05e 51096->51100 51098->51096 51139 42cf94 CharPrevA 51098->51139 51101 403494 4 API calls 51099->51101 51102 403778 18 API calls 51100->51102 51103 42d05c 51101->51103 51102->51103 51103->50573 51140 451b6c 51104->51140 51108 403804 51107->51108 51110 40382f 51107->51110 51111 4038a4 51108->51111 51110->51081 51112 4038b1 51111->51112 51119 4038e1 51111->51119 51113 4038da 51112->51113 51115 4038bd 51112->51115 51116 4034bc 18 API calls 51113->51116 51114 403400 4 API calls 51117 4038cb 
51114->51117 51120 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51115->51120 51116->51119 51117->51110 51119->51114 51120->51117 51122 452e76 51121->51122 51123 452e72 51121->51123 51124 452e7f Wow64DisableWow64FsRedirection 51122->51124 51125 452e98 SetLastError 51122->51125 51123->51088 51126 452e93 51124->51126 51125->51126 51126->51088 51133 42d11c 51127->51133 51130 452ea4 51131 452eb3 51130->51131 51132 452ea9 Wow64RevertWow64FsRedirection 51130->51132 51131->50573 51132->51131 51134 42d010 20 API calls 51133->51134 51135 42d13e 51134->51135 51136 42d146 GetFileAttributesA 51135->51136 51137 403400 4 API calls 51136->51137 51138 42d163 GetLastError 51137->51138 51138->51130 51139->51098 51141 451b8c 51140->51141 51144 451a44 51141->51144 51145 403400 4 API calls 51144->51145 51148 451a75 51145->51148 51146 403420 4 API calls 51147 451b2d 51146->51147 51147->50573 51149 451a8c 51148->51149 51151 4034e0 18 API calls 51148->51151 51154 451aa0 51148->51154 51155 40357c 18 API calls 51148->51155 51150 40352c 18 API calls 51149->51150 51152 451a96 51150->51152 51151->51148 51156 40357c 51152->51156 51154->51146 51155->51148 51157 403580 51156->51157 51158 4035bf 51156->51158 51159 40358a 51157->51159 51164 403450 51157->51164 51158->51154 51160 4035b4 51159->51160 51161 40359d 51159->51161 51163 4038a4 18 API calls 51160->51163 51165 4038a4 18 API calls 51161->51165 51162 403490 51162->51154 51169 4035a2 51163->51169 51166 4034bc 18 API calls 51164->51166 51167 403464 51164->51167 51165->51169 51166->51167 51167->51162 51168 402660 4 API calls 51167->51168 51168->51162 51169->51154 51187 403738 51170->51187 51173 42cc83 51174 42cc9a 51173->51174 51175 42cc8b 51173->51175 51176 403494 4 API calls 51174->51176 51177 4034e0 18 API calls 51175->51177 51178 42cc98 51176->51178 51177->51178 51178->50618 51189 42cac4 51179->51189 51182 42cd30 51184 403400 4 API calls 51182->51184 51183 42cd39 51185 403778 18 API calls 51183->51185 51186 42cd37 51184->51186 
51185->51186 51186->50622 51188 40373c GetFullPathNameA 51187->51188 51188->51173 51188->51174 51190 42cacc IsDBCSLeadByte 51189->51190 51191 42cacb 51190->51191 51191->51182 51191->51183 51278 42dd40 51258->51278 51260 4542c2 51279 403400 4 API calls 51278->51279 51280 42dd50 GetModuleHandleA GetProcAddress 51279->51280 51281 42dd69 51280->51281 51281->51260 51284 42e277 51283->51284 51285 42e27d RegOpenKeyExA 51283->51285 51284->51285 51285->50710 51300 42e050 51286->51300 51290 403738 51289->51290 51291 42d17e GetFileAttributesA 51290->51291 51301 42e076 RegQueryValueExA 51300->51301 51302 42e0bb 51301->51302 51307 42e099 51301->51307 51303 403400 4 API calls 51302->51303 51305 42e187 51303->51305 51304 42e0b3 51306 403400 4 API calls 51304->51306 51306->51302 51307->51302 51307->51304 51308 4034e0 18 API calls 51307->51308 51309 403744 18 API calls 51307->51309 51308->51307 51310 42e0f0 RegQueryValueExA 51309->51310 51310->51301 51329 44b948 51330 44b956 51329->51330 51332 44b975 51329->51332 51330->51332 51333 44b82c 51330->51333 51334 44b85f 51333->51334 51344 414f38 51334->51344 51336 44b872 51337 40357c 18 API calls 51336->51337 51338 44b89f GetDC 51336->51338 51337->51338 51348 41a638 51338->51348 51341 44b8d0 51356 44b560 51341->51356 51343 44b8e4 ReleaseDC 51343->51332 51345 414f46 51344->51345 51346 4034e0 18 API calls 51345->51346 51347 414f53 51346->51347 51347->51336 51349 41a663 51348->51349 51350 41a6ff 51348->51350 51367 403520 51349->51367 51351 403400 4 API calls 51350->51351 51352 41a717 SelectObject 51351->51352 51352->51341 51354 41a6bb 51355 41a6f3 CreateFontIndirectA 51354->51355 51355->51350 51357 44b577 51356->51357 51358 44b60a 51357->51358 51359 44b5f3 51357->51359 51360 44b58a 51357->51360 51358->51343 51361 44b603 DrawTextA 51359->51361 51360->51358 51362 402648 18 API calls 51360->51362 51361->51358 51363 44b59b 51362->51363 51364 44b5b9 MultiByteToWideChar DrawTextW 51363->51364 51365 402660 4 API calls 51364->51365 51366 44b5eb 
51365->51366 51366->51343 51368 4034e0 18 API calls 51367->51368 51369 40352a 51368->51369 51369->51354 51370 40d2cc 51371 40d2d4 51370->51371 51372 40d2fe 51371->51372 51373 40d302 51371->51373 51374 40d2f7 51371->51374 51376 40d306 51373->51376 51377 40d318 51373->51377 51384 406298 GlobalHandle GlobalUnlock GlobalFree 51374->51384 51385 40626c GlobalAlloc GlobalLock 51376->51385 51383 40627c GlobalHandle GlobalUnlock GlobalReAlloc GlobalLock 51377->51383 51380 40d328 51380->51372 51386 40910c 51380->51386 51381 40d314 51381->51380 51383->51380 51384->51372 51385->51381 51387 409118 51386->51387 51394 40723c LoadStringA 51387->51394 51390 403450 18 API calls 51391 409149 51390->51391 51392 403400 4 API calls 51391->51392 51393 40915e 51392->51393 51393->51372 51395 4034e0 18 API calls 51394->51395 51396 407269 51395->51396 51396->51390 51397 413a8c SetWindowLongA GetWindowLongA 51398 413ae9 SetPropA SetPropA 51397->51398 51399 413acb GetWindowLongA 51397->51399 51403 41f7ec KiUserCallbackDispatcher 51398->51403 51399->51398 51400 413ada SetWindowLongA 51399->51400 51400->51398 51401 413b39 51403->51401 51404 450994 51405 450a8c 51404->51405 51406 4509bf GetVersion 51404->51406 51407 403420 4 API calls 51405->51407 51406->51405 51408 4509d2 51406->51408 51409 450ab0 51407->51409 51418 450964 GetSystemDirectoryA 51408->51418 51412 42c84c 19 API calls 51413 4509e5 51412->51413 51414 40357c 18 API calls 51413->51414 51415 4509f2 51414->51415 51416 4509fa LoadLibraryA 51415->51416 51416->51405 51417 450a0e 6 API calls 51416->51417 51417->51405 51419 407934 18 API calls 51418->51419 51420 45098e 51419->51420 51420->51412 51421 424690 51422 4246c6 51421->51422 51423 42469b GetLastActivePopup 51421->51423 51423->51422 51424 4246a7 51423->51424 51424->51422 51425 4246ac IsWindowVisible 51424->51425 51425->51422 51426 4246b6 IsWindowEnabled 51425->51426 51426->51422 51427 4246c0 SetForegroundWindow 51426->51427 51427->51422 51428 416f92 51429 41703a 51428->51429 51430 
416faa 51428->51430 51447 41576c 18 API calls 51429->51447 51432 416fc4 SendMessageA 51430->51432 51433 416fb8 51430->51433 51443 417018 51432->51443 51434 416fc2 CallWindowProcA 51433->51434 51435 416fde 51433->51435 51434->51443 51444 41a4a8 GetSysColor 51435->51444 51438 416fe9 SetTextColor 51439 416ffe 51438->51439 51445 41a4a8 GetSysColor 51439->51445 51441 417003 SetBkColor 51446 41ab30 GetSysColor CreateBrushIndirect 51441->51446 51444->51438 51445->51441 51446->51443 51447->51443 51448 416a94 51449 416aa1 51448->51449 51450 416afb 51448->51450 51455 4169a0 CreateWindowExA 51449->51455 51451 416aa8 SetPropA SetPropA 51451->51450 51452 416adb 51451->51452 51453 416aee SetWindowPos 51452->51453 51453->51450 51455->51451 51456 450390 51457 4503b5 51456->51457 51458 450448 51456->51458 51459 450402 51457->51459 51477 450360 GetSystemDirectoryA 51457->51477 51460 403420 4 API calls 51458->51460 51459->51458 51462 45040b 51459->51462 51461 450468 51460->51461 51464 450360 19 API calls 51462->51464 51466 45041d 51464->51466 51468 42c84c 19 API calls 51466->51468 51467 42c84c 19 API calls 51469 4503e2 51467->51469 51471 450428 51468->51471 51470 40357c 18 API calls 51469->51470 51472 4503ef 51470->51472 51473 40357c 18 API calls 51471->51473 51475 4503f7 LoadLibraryA 51472->51475 51474 450435 51473->51474 51476 45043d LoadLibraryA 51474->51476 51475->51459 51476->51458 51478 407934 18 API calls 51477->51478 51479 45038a 51478->51479 51479->51467 51480 49339c 51481 4933d6 51480->51481 51482 4933d8 51481->51482 51483 4933e2 51481->51483 51675 4094e8 MessageBeep 51482->51675 51485 49341a 51483->51485 51486 4933f1 51483->51486 51493 493429 51485->51493 51494 493452 51485->51494 51488 447498 32 API calls 51486->51488 51487 403420 4 API calls 51489 493a2e 51487->51489 51490 4933fe 51488->51490 51491 403400 4 API calls 51489->51491 51676 407000 51490->51676 51495 493a36 51491->51495 51497 447498 32 API calls 51493->51497 51501 49348a 51494->51501 51502 493461 51494->51502 
51498 493436 51497->51498 51684 407050 18 API calls 51498->51684 51507 493499 51501->51507 51508 4934b2 51501->51508 51504 447498 32 API calls 51502->51504 51503 493441 51685 4477ec 19 API calls 51503->51685 51506 49346e 51504->51506 51686 407084 18 API calls 51506->51686 51688 4076d0 19 API calls 51507->51688 51515 4934c1 51508->51515 51516 4934e6 51508->51516 51511 493479 51687 4477ec 19 API calls 51511->51687 51512 4934a1 51689 4477ec 19 API calls 51512->51689 51518 447498 32 API calls 51515->51518 51520 49351e 51516->51520 51521 4934f5 51516->51521 51517 4933dd 51517->51487 51519 4934ce 51518->51519 51690 4076f8 51519->51690 51528 49352d 51520->51528 51529 493556 51520->51529 51523 447498 32 API calls 51521->51523 51525 493502 51523->51525 51524 4934d6 51693 447570 19 API calls 51524->51693 51527 42cc54 19 API calls 51525->51527 51530 49350d 51527->51530 51531 447498 32 API calls 51528->51531 51535 4935a2 51529->51535 51536 493565 51529->51536 51694 4477ec 19 API calls 51530->51694 51532 49353a 51531->51532 51695 407648 22 API calls 51532->51695 51541 4935da 51535->51541 51542 4935b1 51535->51542 51538 447498 32 API calls 51536->51538 51537 493545 51696 4477ec 19 API calls 51537->51696 51540 493574 51538->51540 51543 447498 32 API calls 51540->51543 51549 4935e9 51541->51549 51550 493612 51541->51550 51544 447498 32 API calls 51542->51544 51545 493585 51543->51545 51546 4935be 51544->51546 51697 4930a0 22 API calls 51545->51697 51548 42ccf4 19 API calls 51546->51548 51552 4935c9 51548->51552 51553 447498 32 API calls 51549->51553 51558 49364a 51550->51558 51559 493621 51550->51559 51551 493591 51698 4477ec 19 API calls 51551->51698 51699 4477ec 19 API calls 51552->51699 51555 4935f6 51553->51555 51557 42cd1c 19 API calls 51555->51557 51560 493601 51557->51560 51564 493659 51558->51564 51565 493682 51558->51565 51561 447498 32 API calls 51559->51561 51700 4477ec 19 API calls 51560->51700 51563 49362e 51561->51563 51701 42cd4c 19 API calls 51563->51701 51567 
447498 32 API calls 51564->51567 51572 4936ba 51565->51572 51573 493691 51565->51573 51569 493666 51567->51569 51568 493639 51702 4477ec 19 API calls 51568->51702 51703 42cd7c 51569->51703 51578 4936c9 51572->51578 51579 493706 51572->51579 51575 447498 32 API calls 51573->51575 51577 49369e 51575->51577 51709 42cda4 51577->51709 51582 447498 32 API calls 51578->51582 51585 493758 51579->51585 51586 493715 51579->51586 51584 4936d8 51582->51584 51587 447498 32 API calls 51584->51587 51594 4937cb 51585->51594 51595 493767 51585->51595 51588 447498 32 API calls 51586->51588 51589 4936e9 51587->51589 51590 493728 51588->51590 51715 42c948 19 API calls 51589->51715 51592 447498 32 API calls 51590->51592 51596 493739 51592->51596 51593 4936f5 51716 4477ec 19 API calls 51593->51716 51601 49380a 51594->51601 51602 4937da 51594->51602 51598 447498 32 API calls 51595->51598 51717 493298 26 API calls 51596->51717 51599 493774 51598->51599 51603 42ca58 21 API calls 51599->51603 51613 493849 51601->51613 51614 493819 51601->51614 51605 447498 32 API calls 51602->51605 51606 493782 51603->51606 51604 493747 51718 4477ec 19 API calls 51604->51718 51608 4937e7 51605->51608 51609 4937bb 51606->51609 51610 493786 51606->51610 51721 45304c Wow64DisableWow64FsRedirection SetLastError Wow64RevertWow64FsRedirection DeleteFileA GetLastError 51608->51721 51720 447570 19 API calls 51609->51720 51612 447498 32 API calls 51610->51612 51617 493795 51612->51617 51622 493888 51613->51622 51623 493858 51613->51623 51618 447498 32 API calls 51614->51618 51616 4937f4 51722 447570 19 API calls 51616->51722 51668 4533c4 51617->51668 51621 493826 51618->51621 51723 452eb4 51621->51723 51633 4938d0 51622->51633 51634 493897 51622->51634 51627 447498 32 API calls 51623->51627 51624 493805 51624->51517 51625 4937a5 51719 447570 19 API calls 51625->51719 51630 493865 51627->51630 51629 493833 51730 447570 19 API calls 51629->51730 51731 453554 Wow64DisableWow64FsRedirection SetLastError 
Wow64RevertWow64FsRedirection RemoveDirectoryA GetLastError 51630->51731 51640 493918 51633->51640 51641 4938df 51633->51641 51636 447498 32 API calls 51634->51636 51635 493872 51732 447570 19 API calls 51635->51732 51637 4938a6 51636->51637 51639 447498 32 API calls 51637->51639 51642 4938b7 51639->51642 51645 49392b 51640->51645 51652 4939e1 51640->51652 51643 447498 32 API calls 51641->51643 51733 447718 19 API calls 51642->51733 51644 4938ee 51643->51644 51646 447498 32 API calls 51644->51646 51648 447498 32 API calls 51645->51648 51649 4938ff 51646->51649 51650 493958 51648->51650 51734 447718 19 API calls 51649->51734 51651 447498 32 API calls 51650->51651 51654 49396f 51651->51654 51652->51517 51655 44743c 32 API calls 51652->51655 51735 40822c 21 API calls 51654->51735 51656 4939fa 51655->51656 51738 42ed18 FormatMessageA 51656->51738 51660 493991 51662 447498 32 API calls 51660->51662 51663 4939a5 51662->51663 51669 452e68 2 API calls 51668->51669 51671 4533dd 51669->51671 51670 4533e1 51670->51625 51671->51670 51672 453405 MoveFileA GetLastError 51671->51672 51673 452ea4 Wow64RevertWow64FsRedirection 51672->51673 51674 45342b 51673->51674 51674->51625 51675->51517 51677 40700f 51676->51677 51678 407031 51677->51678 51679 407028 51677->51679 51681 403778 18 API calls 51678->51681 51680 403400 4 API calls 51679->51680 51682 40702f 51680->51682 51681->51682 51683 4477ec 19 API calls 51682->51683 51683->51517 51684->51503 51685->51517 51686->51511 51687->51517 51688->51512 51689->51517 51691 403738 51690->51691 51692 407702 SetCurrentDirectoryA 51691->51692 51692->51524 51693->51517 51694->51517 51695->51537 51696->51517 51697->51551 51698->51517 51699->51517 51700->51517 51701->51568 51702->51517 51704 42cbec IsDBCSLeadByte 51703->51704 51705 42cd8c 51704->51705 51706 403778 18 API calls 51705->51706 51707 42cd9e 51706->51707 51708 4477ec 19 API calls 51707->51708 51708->51517 51710 42cbec IsDBCSLeadByte 51709->51710 51711 42cdb4 51710->51711 51712 403778 18 
API calls 51711->51712 51713 42cdc5 51712->51713 51714 4477ec 19 API calls 51713->51714 51714->51517 51715->51593 51716->51517 51717->51604 51718->51517 51719->51517 51720->51517 51721->51616 51722->51624 51724 452e68 2 API calls 51723->51724 51725 452eca 51724->51725 51726 452ece 51725->51726 51727 452eec CreateDirectoryA GetLastError 51725->51727 51726->51629 51728 452ea4 Wow64RevertWow64FsRedirection 51727->51728 51729 452f12 51728->51729 51729->51629 51730->51517 51731->51635 51732->51517 51733->51517 51734->51517 51735->51660 51739 42ed3e 51738->51739 51740 4034e0 18 API calls 51739->51740 51741 42ed5b 51740->51741 51742 4477ec 19 API calls 51741->51742 51742->51517 51743 46c7d0 51744 46cc6d 51743->51744 51745 46c804 51743->51745 51746 403400 4 API calls 51744->51746 51747 46c840 51745->51747 51750 46c89c 51745->51750 51751 46c87a 51745->51751 51752 46c88b 51745->51752 51753 46c858 51745->51753 51754 46c869 51745->51754 51749 46ccac 51746->51749 51747->51744 51833 4698f8 51747->51833 51758 403400 4 API calls 51749->51758 52094 46c760 60 API calls 51750->52094 51798 46c390 51751->51798 52093 46c550 83 API calls 51752->52093 52091 46c0e0 62 API calls 51753->52091 52092 46c248 57 API calls 51754->52092 51762 46ccb4 51758->51762 51761 46c85e 51761->51744 51761->51747 51763 46c8d8 51763->51744 51777 46c91b 51763->51777 52095 496688 51763->52095 51766 414f38 18 API calls 51766->51777 51770 42d010 20 API calls 51770->51777 51771 46bbec 37 API calls 51771->51777 51773 403450 18 API calls 51773->51777 51775 46ca97 51876 46aba0 51775->51876 51776 46bbec 37 API calls 51776->51744 51777->51744 51777->51766 51777->51770 51777->51771 51777->51773 51777->51775 51789 46cb5f 51777->51789 51836 469834 51777->51836 51844 484978 51777->51844 51869 46b958 51777->51869 52018 484470 51777->52018 52130 46be9c 33 API calls 51777->52130 51779 46cafd 51780 403450 18 API calls 51779->51780 51781 46cb0d 51780->51781 51782 46cb69 51781->51782 51783 46cb19 51781->51783 51787 46cc2b 
51782->51787 51937 46bbec 51782->51937 52114 458718 51783->52114 51788 458718 38 API calls 51788->51789 51789->51776 52131 46d0e4 51798->52131 51801 46c512 51803 403420 4 API calls 51801->51803 51802 414f38 18 API calls 51805 46c3de 51802->51805 51804 46c52c 51803->51804 51806 403400 4 API calls 51804->51806 51807 46c4fe 51805->51807 52134 456720 51805->52134 51808 46c534 51806->51808 51807->51801 51810 403450 18 API calls 51807->51810 51811 403400 4 API calls 51808->51811 51810->51801 51812 46c53c 51811->51812 51812->51747 51815 46c461 51815->51801 51817 46c3fc 51817->51815 52143 46728c 51817->52143 51834 469834 33 API calls 51833->51834 51835 469907 51834->51835 51835->51763 51838 469863 51836->51838 51837 407d44 33 API calls 51839 46989c 51837->51839 51838->51837 51841 4698a4 51838->51841 52302 453aac 18 API calls 51839->52302 51842 403400 4 API calls 51841->51842 51843 4698bc 51842->51843 51843->51777 52303 418630 51844->52303 51846 4849af GetForegroundWindow 51847 4849ba SetActiveWindow 51846->51847 51848 4849c8 51846->51848 51847->51848 51851 4849e9 51848->51851 52305 484874 51848->52305 51850 4849e4 KiUserCallbackDispatcher 51850->51851 51852 484a15 51851->51852 51854 484aaa 51851->51854 51855 484a74 51851->51855 51853 484aec 51852->51853 52323 45850c 51852->52323 52315 4838a0 51853->52315 51860 46748c 34 API calls 51854->51860 52319 46748c 51855->52319 51858 484af8 52344 483058 PostMessageA 51858->52344 51862 484aa8 51860->51862 52322 4802d4 57 API calls 51862->52322 51866 484b28 51867 403420 4 API calls 51866->51867 51868 46ca59 KiUserCallbackDispatcher 51867->51868 51868->51777 51870 46b964 51869->51870 51871 46b969 51869->51871 51875 46b967 51870->51875 52935 46b3c4 51870->52935 53020 46a704 60 API calls 51871->53020 51874 46b971 51874->51777 51875->51777 51877 403400 4 API calls 51876->51877 51878 46abce 51877->51878 53043 47f004 51878->53043 51880 46ac31 51881 46ac35 51880->51881 51882 46ac4e 51880->51882 51883 46748c 34 API calls 51881->51883 51884 
46ac3f 51882->51884 53050 496578 18 API calls 51882->53050 51883->51884 51888 46ad6d 51884->51888 51889 46add8 51884->51889 51936 46aee2 51884->51936 51886 403420 4 API calls 51891 46af0c 51886->51891 51887 46ac6a 51887->51884 51892 46ac72 51887->51892 51893 403494 4 API calls 51888->51893 51890 403494 4 API calls 51889->51890 51895 46ade5 51890->51895 51891->51779 51896 46bbec 37 API calls 51892->51896 51894 46ad7a 51893->51894 51897 40357c 18 API calls 51894->51897 51898 40357c 18 API calls 51895->51898 51905 46ac7f 51896->51905 51899 46ad87 51897->51899 51900 46adf2 51898->51900 51901 40357c 18 API calls 51899->51901 51902 40357c 18 API calls 51900->51902 51903 46ad94 51901->51903 51904 46adff 51902->51904 51906 40357c 18 API calls 51903->51906 51907 40357c 18 API calls 51904->51907 51910 46aca8 SetActiveWindow 51905->51910 51913 46acc0 51905->51913 51908 46ada1 51906->51908 51909 46ae0c 51907->51909 51911 46748c 34 API calls 51908->51911 51912 40357c 18 API calls 51909->51912 51910->51913 51914 46adaf 51911->51914 51915 46ae1a 51912->51915 51916 42fa00 28 API calls 51913->51916 51917 40357c 18 API calls 51914->51917 51918 414f68 18 API calls 51915->51918 51919 46acd6 51916->51919 51920 46adb8 51917->51920 51921 46add6 51918->51921 53051 496824 32 API calls 51919->53051 51923 40357c 18 API calls 51920->51923 53052 4677c4 51921->53052 51926 46adc5 51923->51926 51925 46ad11 51928 46ba68 35 API calls 51925->51928 51927 414f68 18 API calls 51926->51927 51927->51921 51929 46ad43 51928->51929 51929->51779 51936->51886 51938 4698f8 33 API calls 51937->51938 51939 46bc17 51938->51939 51940 46bc39 51939->51940 51941 465f58 21 API calls 51939->51941 53121 465f58 51940->53121 51941->51940 51946 414f38 18 API calls 52019 46d0e4 63 API calls 52018->52019 52020 4844b3 52019->52020 52021 4844bc 52020->52021 53417 409030 19 API calls 52020->53417 52023 414f38 18 API calls 52021->52023 52024 4844cc 52023->52024 52025 403450 18 API calls 52024->52025 52026 4844d9 52025->52026 
Strings
• Non-default bitness: 32-bit, xrefs: 0047189B
• Version of our file: %u.%u.%u.%u, xrefs: 00471AD0
• Existing file's SHA-1 hash matches our file. Skipping., xrefs: 00471C95
• InUn, xrefs: 0047213F
• Same time stamp. Skipping., xrefs: 00471D35
• Dest file exists., xrefs: 0047199B
• Installing into GAC, xrefs: 004726FA
• Existing file is a newer version. Skipping., xrefs: 00471BE2
• .tmp, xrefs: 00471F97
• Couldn't read time stamp. Skipping., xrefs: 00471D15
• Installing the file., xrefs: 00471EE9
• Skipping due to "onlyifdestfileexists" flag., xrefs: 00471EDA
                                                                                                                                                                    • Incrementing shared file count (32-bit)., xrefs: 00472594
                                                                                                                                                                    • , xrefs: 00471BAF, 00471D80, 00471DFE
                                                                                                                                                                    • Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 00471CB0
                                                                                                                                                                    • Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 00471CA4
                                                                                                                                                                    • User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 00471E76
                                                                                                                                                                    • Dest filename: %s, xrefs: 00471874
                                                                                                                                                                    • Existing file is protected by Windows File Protection. Skipping., xrefs: 00471DCC
                                                                                                                                                                    • Will register the file (a type library) later., xrefs: 00472502
                                                                                                                                                                    • Version of our file: (none), xrefs: 00471ADC
                                                                                                                                                                    • Time stamp of existing file: (failed to read), xrefs: 00471A17
                                                                                                                                                                    • I, xrefs: 00471688
                                                                                                                                                                    • Version of existing file: %u.%u.%u.%u, xrefs: 00471B5C
                                                                                                                                                                    • Non-default bitness: 64-bit, xrefs: 0047188F
                                                                                                                                                                    • Existing file has a later time stamp. Skipping., xrefs: 00471DAF
                                                                                                                                                                    • Uninstaller requires administrator: %s, xrefs: 0047216F
                                                                                                                                                                    • Same version. Skipping., xrefs: 00471CC5
                                                                                                                                                                    • Will register the file (a DLL/OCX) later., xrefs: 0047250E
                                                                                                                                                                    • Time stamp of existing file: %s, xrefs: 00471A0B
                                                                                                                                                                    • Time stamp of our file: %s, xrefs: 0047197B
                                                                                                                                                                    • Skipping due to "onlyifdoesntexist" flag., xrefs: 004719AE
                                                                                                                                                                    • Version of existing file: (none), xrefs: 00471CDA
                                                                                                                                                                    • Failed to strip read-only attribute., xrefs: 00471EB3
                                                                                                                                                                    • Time stamp of our file: (failed to read), xrefs: 00471987
                                                                                                                                                                    • -- File entry --, xrefs: 004716DB
                                                                                                                                                                    • Stripped read-only attribute., xrefs: 00471EA7
                                                                                                                                                                    • Incrementing shared file count (64-bit)., xrefs: 0047257B
                                                                                                                                                                    • User opted not to overwrite the existing file. Skipping., xrefs: 00471E2D
                                                                                                                                                                    • Dest file is protected by Windows File Protection., xrefs: 004718CD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    [Control-flow graph, first block 42e4ec-42e4fd; legend: Executed / Not Executed]
                                                                                                                                                                    APIs
                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(0049B788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E526
                                                                                                                                                                    • GetVersion.KERNEL32(00000000,0042E6D0,?,0049B788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E543
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E6D0,?,0049B788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E55C
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E562
                                                                                                                                                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E6D0,?,0049B788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E577
                                                                                                                                                                    • FreeSid.ADVAPI32(00000000,0042E6D7,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E6CA
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    [Control-flow graph, first block 456dd4-456e06; legend: Executed / Not Executed]
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoCreateInstance.OLE32(0049BA74,00000000,00000001,0049B774,?,00000000,0045717F), ref: 00456E1A
                                                                                                                                                                    • CoCreateInstance.OLE32(0049B764,00000000,00000001,0049B774,?,00000000,0045717F), ref: 00456E40
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00456FF7
                                                                                                                                                                    Strings
                                                                                                                                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 0045702E
                                                                                                                                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption), xrefs: 00457066
                                                                                                                                                                    • {pf32}\, xrefs: 00456EBA
                                                                                                                                                                    • IShellLink::QueryInterface(IID_IPersistFile), xrefs: 004570A0
                                                                                                                                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 00456F8D
                                                                                                                                                                    • IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 00456FDC
                                                                                                                                                                    • IPropertyStore::Commit, xrefs: 0045707F
                                                                                                                                                                    • %ProgramFiles(x86)%\, xrefs: 00456ECA
                                                                                                                                                                    • IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 00456F59
                                                                                                                                                                    • IPersistFile::Save, xrefs: 004570FE
                                                                                                                                                                    • CoCreateInstance, xrefs: 00456E4B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersion.KERNEL32(00000000,00450AB1,?,?,?,?,00000000,00000000), ref: 004509BF
                                                                                                                                                                      • Part of subcall function 00450964: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0045097C
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000,00450AB1,?,?,?,?,00000000,00000000), ref: 004509FB
                                                                                                                                                                    • GetProcAddress.KERNEL32(6D010000,RmStartSession), ref: 00450A19
                                                                                                                                                                    • GetProcAddress.KERNEL32(6D010000,RmRegisterResources), ref: 00450A2E
                                                                                                                                                                    • GetProcAddress.KERNEL32(6D010000,RmGetList), ref: 00450A43
                                                                                                                                                                    • GetProcAddress.KERNEL32(6D010000,RmShutdown), ref: 00450A58
                                                                                                                                                                    • GetProcAddress.KERNEL32(6D010000,RmRestart), ref: 00450A6D
                                                                                                                                                                    • GetProcAddress.KERNEL32(6D010000,RmEndSession), ref: 00450A82
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystemVersion
                                                                                                                                                                    • String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
                                                                                                                                                                    • API String ID: 2754715182-3419246398
                                                                                                                                                                    • Opcode ID: d8d5ff48d6aa38830af6a9e8a73036221bb65f2481768552fb853932befe92ab
                                                                                                                                                                    • Instruction ID: 7e76809d132c55fa29070b713de61cc7a3e08993567f6b48a797f9432d6667d5
                                                                                                                                                                    • Opcode Fuzzy Hash: d8d5ff48d6aa38830af6a9e8a73036221bb65f2481768552fb853932befe92ab
                                                                                                                                                                    • Instruction Fuzzy Hash: 58212AB4A00304AEE710FBA5EC86A6E77F8E764755F50053BB810A71A3D6789D49CB1C

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fe6f3cab85cb6cd94dd259e2a1688b0505dda5d67cc9468b745cf4902a0b6c1d
                                                                                                                                                                    • Instruction ID: 43e49367b0b6739e18dd975752e7d81306140be7a57883210305ee73c05c6530
                                                                                                                                                                    • Opcode Fuzzy Hash: fe6f3cab85cb6cd94dd259e2a1688b0505dda5d67cc9468b745cf4902a0b6c1d
                                                                                                                                                                    • Instruction Fuzzy Hash: 59E16E30704124EFD710DB6AE685A5DB7F4EF84314FA540A6F6859B392CB38EE81DB09

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 00422E44
                                                                                                                                                                    • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,0042300E), ref: 00422E54
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendShowWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1631623395-0
                                                                                                                                                                    • Opcode ID: a5b4c9237f5125413a942318049dbdede438d47a922921ea45b9a336655294a1
                                                                                                                                                                    • Instruction ID: bacc4b86db7cb1d0e13acf93141a7ddfdaa0ad6c2af5cb9121abc77d57b19b6c
                                                                                                                                                                    • Opcode Fuzzy Hash: a5b4c9237f5125413a942318049dbdede438d47a922921ea45b9a336655294a1
                                                                                                                                                                    • Instruction Fuzzy Hash: 1B916270B14254AFD700DBA9DB46F9E77F4AB04304F5600B6F904AB292C7B8AE01AB58
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004971B4: GetWindowRect.USER32(00000000), ref: 004971CA
                                                                                                                                                                    • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 004683DD
                                                                                                                                                                      • Part of subcall function 0041DB00: GetObjectA.GDI32(?,00000018,004683F6), ref: 0041DB2B
                                                                                                                                                                      • Part of subcall function 00467E10: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467EB3
                                                                                                                                                                      • Part of subcall function 00467E10: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467ED9
                                                                                                                                                                      • Part of subcall function 00467E10: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00467F30
                                                                                                                                                                      • Part of subcall function 004677CC: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00468491,00000000,00000000,00000000,0000000C,00000000), ref: 004677E4
                                                                                                                                                                      • Part of subcall function 00497438: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 00497442
                                                                                                                                                                      • Part of subcall function 0042F188: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042F1E4
                                                                                                                                                                      • Part of subcall function 0042F188: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042F201
                                                                                                                                                                      • Part of subcall function 00497104: GetDC.USER32(00000000), ref: 00497126
                                                                                                                                                                      • Part of subcall function 00497104: SelectObject.GDI32(?,00000000), ref: 0049714C
                                                                                                                                                                      • Part of subcall function 00497104: ReleaseDC.USER32(00000000,?), ref: 0049719D
                                                                                                                                                                      • Part of subcall function 00497428: MulDiv.KERNEL32(0000004B,?,00000006), ref: 00497432
                                                                                                                                                                    • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,021CF364,021D10C4,?,?,021D10F4,?,?,021D1144,?), ref: 00469080
                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00469091
                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 004690A9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Menu$AppendExtractIconObject$AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadProcRectReleaseSelectSystemUserWindow
                                                                                                                                                                    • String ID: $(Default)$STOPIMAGE
                                                                                                                                                                    • API String ID: 616467991-770201673
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,004566E7), ref: 004565D8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004565DE
                                                                                                                                                                    • GetDiskFreeSpaceExA.KERNEL32(00000000,?,?,00000000,00000000,004566C5,?,00000000,kernel32.dll,GetDiskFreeSpaceExA,00000000,004566E7), ref: 00456634
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressDiskFreeHandleModuleProcSpace
                                                                                                                                                                    • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                    • API String ID: 1197914913-3712701948
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,0047628A,?,?,0049E1E4,00000000), ref: 00476179
                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,0047628A,?,?,0049E1E4,00000000), ref: 00476256
                                                                                                                                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,0047628A,?,?,0049E1E4,00000000), ref: 00476264
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                                                                    • String ID: unins$unins???.*
                                                                                                                                                                    • API String ID: 3541575487-1009660736
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00453207,?,?,-00000001,00000000), ref: 004531E1
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000,00453207,?,?,-00000001,00000000), ref: 004531E9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileFindFirstLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 873889042-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049D4C4,00000001,?,00408A83,?,00000000,00408B62), ref: 004089D6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?,?,004245A1,?,00000000,004245AC), ref: 00423FFE
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: NtdllProc_Window
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4255912815-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: NameUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2645101109-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F9DC
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: NtdllProc_Window
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4255912815-0
                                                                                                                                                                    • Opcode ID: 2621fde08b5d071fc730d3c03362a0ac5d2de45ee12ad7e5c10e42539110ff87
                                                                                                                                                                    • Instruction ID: 416a4692ed3cb8c0a12f59f0b22837e163b9cfd3c66ebd18f18690eb3ad7abe4
                                                                                                                                                                    • Opcode Fuzzy Hash: 2621fde08b5d071fc730d3c03362a0ac5d2de45ee12ad7e5c10e42539110ff87
                                                                                                                                                                    • Instruction Fuzzy Hash: 07D0A7B220010C7FDB00DE98D840D6B33BC9B8C700B90C826F945C7241D234EDA0CBB8

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0046FC5C: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,VtG,?,0049E1E4,?,0046FF73,?,00000000,00470532,?,_is1), ref: 0046FC7F
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,00470539,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,00470584,?,?,0049E1E4,00000000), ref: 0047052C
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseValue
                                                                                                                                                                    • String ID: " /SILENT$5.5.9 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$VersionMajor$VersionMinor$_is1
                                                                                                                                                                    • API String ID: 3132538880-2925550972
                                                                                                                                                                    • Opcode ID: c80bc5e15492c271760b0f6d104a86497aebefb58fa4af63d08ee6850ff50973
                                                                                                                                                                    • Instruction ID: 8dffaa2781584bc6e947bd791be20880efee78ab32c439a28404737c84d0984c
                                                                                                                                                                    • Opcode Fuzzy Hash: c80bc5e15492c271760b0f6d104a86497aebefb58fa4af63d08ee6850ff50973
                                                                                                                                                                    • Instruction Fuzzy Hash: F8124F34A00108DBDB04EB55E991ADE77F5EF48304F60807BE804AB3A5EB79BD45CB59

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,0040668E,?,?,?,?,00000000,?,0049A4A8), ref: 0040640F
                                                                                                                                                                    • GetVersion.KERNEL32(kernel32.dll,00000000,0040668E,?,?,?,?,00000000,?,0049A4A8), ref: 00406416
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0040642B
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00406453
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406655
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040666B
                                                                                                                                                                    • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,kernel32.dll,00000000,0040668E,?,?,?,?,00000000,?,0049A4A8), ref: 00406676
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModulePolicyProcessVersion
                                                                                                                                                                    • String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$kernel32.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
                                                                                                                                                                    • API String ID: 3297890031-2388063882
                                                                                                                                                                    • Opcode ID: 7c5204fbbc2168c2f62eadc490ed385a4cfd672bd01c7cc457884a48157f0828
                                                                                                                                                                    • Instruction ID: 52ceb319b1b10a2745084cc2a18598c2ecefae742a63aceaaee3a2f28509b87b
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c5204fbbc2168c2f62eadc490ed385a4cfd672bd01c7cc457884a48157f0828
                                                                                                                                                                    • Instruction Fuzzy Hash: 7061F130A00109EBCB01FBA6D982D8E77B9AB44709B214077B405772E6DB3DEF199B5D

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00484E79
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00484E86
                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00484E94
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00484E9C
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00484EA8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00484EC9
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00484EDC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00484EE2
                                                                                                                                                                    • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00484EF9
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                                                                                                                                                    • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                                                                                                                                                    • API String ID: 2230631259-2623177817
                                                                                                                                                                    • Opcode ID: cd68709e737b022a93ba3f5ff6983bcc42b0d1d8f8071fae57a82298f7546d18
                                                                                                                                                                    • Instruction ID: 19f93fc1e60286517b98713993879556ba5b021e510ed05db2a10d1898c9039d
                                                                                                                                                                    • Opcode Fuzzy Hash: cd68709e737b022a93ba3f5ff6983bcc42b0d1d8f8071fae57a82298f7546d18
                                                                                                                                                                    • Instruction Fuzzy Hash: E8110351109353A4E721B3796E46B7F25889B8031CF080C7F7B84666C6EA7CC845833F

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,00469C26,?,?,00000001,00000000,00000000,00469C41,?,00000000,00000000,?), ref: 00469C0F
                                                                                                                                                                    Strings
                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00469A6B
                                                                                                                                                                    • Inno Setup: Selected Components, xrefs: 00469B2E
                                                                                                                                                                    • Inno Setup: Setup Type, xrefs: 00469B1E
                                                                                                                                                                    • Inno Setup: User Info: Serial, xrefs: 00469BF1
                                                                                                                                                                    • Inno Setup: App Path, xrefs: 00469ACE
                                                                                                                                                                    • Inno Setup: Deselected Tasks, xrefs: 00469B9D
                                                                                                                                                                    • %s\%s_is1, xrefs: 00469A89
                                                                                                                                                                    • Inno Setup: User Info: Name, xrefs: 00469BCB
                                                                                                                                                                    • Inno Setup: User Info: Organization, xrefs: 00469BDE
                                                                                                                                                                    • Inno Setup: No Icons, xrefs: 00469AF7
                                                                                                                                                                    • Inno Setup: Selected Tasks, xrefs: 00469B7B
                                                                                                                                                                    • Inno Setup: Deselected Components, xrefs: 00469B50
                                                                                                                                                                    • Inno Setup: Icon Group, xrefs: 00469AEA
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                    • API String ID: 47109696-1093091907
                                                                                                                                                                    • Opcode ID: 5e5dd39b6a47d0f604a579e9d91520aca6f3566102ff8285c504ff9a2ddc14f1
                                                                                                                                                                    • Instruction ID: c7de7197f4a769c9e7c3cd52df4c64fbb683598124d789e1de9a85ab418445f9
                                                                                                                                                                    • Opcode Fuzzy Hash: 5e5dd39b6a47d0f604a579e9d91520aca6f3566102ff8285c504ff9a2ddc14f1
                                                                                                                                                                    • Instruction Fuzzy Hash: C4519430A006089BCB15DB66D941BEEB7F9EF49304F5084BAE84067395E7B8AF01CB5D

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042CC54: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042CC78
                                                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00473C58
                                                                                                                                                                    • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00473D73
                                                                                                                                                                    • SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00473D89
                                                                                                                                                                    • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00473DAE
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
                                                                                                                                                                    • String ID: .lnk$.pif$.url$Creating the icon.$Desktop.ini$Dest filename: %s$Successfully created the icon.$target.lnk${group}\
                                                                                                                                                                    • API String ID: 971782779-2902529204
                                                                                                                                                                    • Opcode ID: e54a508a62dfe029f21a25df3b69d4e56c56f2154e951fb1d55b97ecab692537
                                                                                                                                                                    • Instruction ID: 9b31a6288a8d0ad81c732a29d19026b8086b57763a6276d7ac4447936d78ea7d
                                                                                                                                                                    • Opcode Fuzzy Hash: e54a508a62dfe029f21a25df3b69d4e56c56f2154e951fb1d55b97ecab692537
                                                                                                                                                                    • Instruction Fuzzy Hash: EBD11374A00148ABDB11DFA9D582BDDBBF4AF08305F50806AF804B7392D778AE45DB69

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042DCE8: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,0045451C,00000000,004547CE,?,?,00000000,0049D62C,00000004,00000000,00000000,00000000,?,00499C8D), ref: 0042DCFB
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                      • Part of subcall function 0042DD40: GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,004542C2,00000000,00454365,?,?,00000000,00000000,00000000,00000000,00000000,?,00454755,00000000), ref: 0042DD5A
                                                                                                                                                                      • Part of subcall function 0042DD40: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042DD60
                                                                                                                                                                    • SHGetKnownFolderPath.SHELL32(0049BD44,00008000,00000000,?,00000000,0047DC4C), ref: 0047DB52
                                                                                                                                                                    • CoTaskMemFree.OLE32(?,0047DB95), ref: 0047DB88
                                                                                                                                                                      • Part of subcall function 0042D658: GetEnvironmentVariableA.KERNEL32(00000000,00000000,00000000,?,?,00000000,0042DE8E,00000000,0042DF20,?,?,?,0049D62C,00000000,00000000), ref: 0042D683
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Directory$AddressEnvironmentFolderFreeHandleKnownModulePathProcSystemTaskVariableWindows
                                                                                                                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                                                                    • API String ID: 3771764029-544719455
                                                                                                                                                                    • Opcode ID: 6ec6ff986ef5dd5265772e09c3445ba75f4a3d0a7ec86f160005d9c17a7e769a
                                                                                                                                                                    • Instruction ID: 0fe7c2c5921331aa3b985ab989dbf77b3a087c61dea5e3792aec770f31e1cce1
                                                                                                                                                                    • Opcode Fuzzy Hash: 6ec6ff986ef5dd5265772e09c3445ba75f4a3d0a7ec86f160005d9c17a7e769a
                                                                                                                                                                    • Instruction Fuzzy Hash: A061B234E24204AFDB11EFA6D84269E7B78EF84318F51C57BE404AB391D77CAA41CA1D

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                    • GetProcAddress.KERNEL32(73AF0000,SHGetFolderPathA), ref: 0047E2B1
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressDirectoryProcSystem
                                                                                                                                                                    • String ID: 2$Failed to get address of SHGetFolderPath function$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
                                                                                                                                                                    • API String ID: 996212319-3422985891
                                                                                                                                                                    • Opcode ID: 2ee55fa07f5402e21f3b06f2d1869faf56609dd587cb054fbf2c8bfa1446e0f1
                                                                                                                                                                    • Instruction ID: 9758cc0716918fe71002c31ee1435c1447d2ac946059de1b269defc554b01a12
                                                                                                                                                                    • Opcode Fuzzy Hash: 2ee55fa07f5402e21f3b06f2d1869faf56609dd587cb054fbf2c8bfa1446e0f1
                                                                                                                                                                    • Instruction Fuzzy Hash: C9415830A00119DFDB10DFA6C9415DE77B8FB48309F50C9BBE414A7252D7389E05CB59
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0041F814: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041F1F4,?,00423CDF,0042405C,0041F1F4), ref: 0041F832
                                                                                                                                                                    • GetClassInfoA.USER32(00400000,00423ACC), ref: 00423CEF
                                                                                                                                                                    • RegisterClassA.USER32(0049B630), ref: 00423D07
                                                                                                                                                                    • GetSystemMetrics.USER32(00000000), ref: 00423D29
                                                                                                                                                                    • GetSystemMetrics.USER32(00000001), ref: 00423D38
                                                                                                                                                                    • SetWindowLongA.USER32(004108B0,000000FC,00423ADC), ref: 00423D94
                                                                                                                                                                    • SendMessageA.USER32(004108B0,00000080,00000001,00000000), ref: 00423DB5
                                                                                                                                                                    • GetSystemMenu.USER32(004108B0,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,0042405C,0041F1F4), ref: 00423DC0
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F030,00000000,004108B0,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,0042405C,0041F1F4), ref: 00423DCF
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,004108B0,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 00423DDC
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,004108B0,00000000,00000000,00400000,00000000,00000000,00000000), ref: 00423DF2
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 183575631-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetActiveWindow.USER32 ref: 0042FA2F
                                                                                                                                                                    • GetFocus.USER32 ref: 0042FA37
                                                                                                                                                                    • RegisterClassA.USER32(0049B7AC), ref: 0042FA58
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042FB2C,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042FA96
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042FADC
                                                                                                                                                                    • ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042FAED
                                                                                                                                                                    • SetFocus.USER32(00000000,00000000,0042FB0F,?,?,?,00000001,00000000,?,00458B4E,00000000,0049D62C), ref: 0042FAF4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$CreateFocus$ActiveClassRegisterShow
                                                                                                                                                                    • String ID: TWindowDisabler-Window
                                                                                                                                                                    • API String ID: 3167913817-1824977358
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,00473A11,?,?,?,00000008,00000000,00000000,00000000,?,00473C6D,?,?,00000000,00473EF0), ref: 00473974
                                                                                                                                                                      • Part of subcall function 0042D1E4: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042D25A
                                                                                                                                                                      • Part of subcall function 004073A0: DeleteFileA.KERNEL32(00000000,0049D62C,00499FD9,00000000,0049A02E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 004073AB
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00473A11,?,?,?,00000008,00000000,00000000,00000000,?,00473C6D), ref: 004739EB
                                                                                                                                                                    • RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00473A11,?,?,?,00000008,00000000,00000000,00000000), ref: 004739F1
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
                                                                                                                                                                    • String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
                                                                                                                                                                    • API String ID: 884541143-1710247218
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004539F2,?,?,?,?,00000000,00000000,?,0049A4EE), ref: 00453956
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0045395C
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004539F2,?,?,?,?,00000000,00000000,?,0049A4EE), ref: 00453970
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453976
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                                                                    • API String ID: 1646373207-2130885113
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00458A74,?, /s ",?,regsvr32.exe",?,00458A74), ref: 004589E6
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseDirectoryHandleSystem
                                                                                                                                                                    • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                                                                                                    • API String ID: 2051275411-1862435767
                                                                                                                                                                    APIs
                                                                                                                                                                    • SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467EB3
                                                                                                                                                                    • ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467ED9
                                                                                                                                                                      • Part of subcall function 00467D4C: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 00467DE7
                                                                                                                                                                      • Part of subcall function 00467D4C: DestroyCursor.USER32(00000000), ref: 00467DFD
                                                                                                                                                                    • ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00467F30
                                                                                                                                                                    • SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00467F91
                                                                                                                                                                    • ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467FB7
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Icon$Extract$FileInfo$CursorDestroyDraw
                                                                                                                                                                    • String ID: c:\directory$shell32.dll
                                                                                                                                                                    • API String ID: 3376378930-1375355148
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430DE8
                                                                                                                                                                    • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 00430DF7
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00430E11
                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(00000000), ref: 00430E32
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
                                                                                                                                                                    • String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
                                                                                                                                                                    • API String ID: 4130936913-2943970505
                                                                                                                                                                    • Opcode ID: 50811bd1b0b0bc88e10382fd261453b7235327efbd1eb80bce93881789032006
                                                                                                                                                                    • Instruction ID: dd09876b0f9c3184917b018614b917cdad608ae665b29eb2c15b2e3af62d5cdc
                                                                                                                                                                    • Opcode Fuzzy Hash: 50811bd1b0b0bc88e10382fd261453b7235327efbd1eb80bce93881789032006
                                                                                                                                                                    • Instruction Fuzzy Hash: 98F082B09483409ED300EF26890371A7AE0AB58708F404F3FB48CA2291D7399910CB1F
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00455994,00455994,?,00455994,00000000), ref: 00455922
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00455994,00455994,?,00455994), ref: 0045592F
                                                                                                                                                                      • Part of subcall function 004556E4: WaitForInputIdle.USER32(?,00000032), ref: 00455710
                                                                                                                                                                      • Part of subcall function 004556E4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00455732
                                                                                                                                                                      • Part of subcall function 004556E4: GetExitCodeProcess.KERNEL32(?,?), ref: 00455741
                                                                                                                                                                      • Part of subcall function 004556E4: CloseHandle.KERNEL32(?,0045576E,00455767,?,?,?,00000000,?,?,00455943,?,?,?,00000044,00000000,00000000), ref: 00455761
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                                                                                                                                                    • String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
                                                                                                                                                                    • API String ID: 854858120-615399546
                                                                                                                                                                    • Opcode ID: bf46dc48d17bd83cb09f754920638625d429a081fc0d571a5d8b891449f759b1
                                                                                                                                                                    • Instruction ID: 19165e213e9236b89a5b086241af4e71530f18fc7e42ed674525c8849c01d6f6
                                                                                                                                                                    • Opcode Fuzzy Hash: bf46dc48d17bd83cb09f754920638625d429a081fc0d571a5d8b891449f759b1
                                                                                                                                                                    • Instruction Fuzzy Hash: F4514A7060074DABDB11EF96C892BEEBBB9AF44315F50403BF804BB282D77C99198759
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadIconA.USER32(00400000,MAINICON), ref: 00423B6C
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00419436,00000000,?,?,?,00000001), ref: 00423B99
                                                                                                                                                                    • OemToCharA.USER32(?,?), ref: 00423BAC
                                                                                                                                                                    • CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00419436,00000000,?,?,?,00000001), ref: 00423BEC
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Char$FileIconLoadLowerModuleName
                                                                                                                                                                    • String ID: 2$MAINICON
                                                                                                                                                                    • API String ID: 3935243913-3181700818
                                                                                                                                                                    • Opcode ID: 5bb029359a14fe80b98f3d31a1bddee7a09f53b94ef6d4528e1ea31487fdaa44
                                                                                                                                                                    • Instruction ID: e5d3831d9b5483d4bbbd2f836839ca6b10e9aa02fde8f17f2ef2fb4492c3d901
                                                                                                                                                                    • Opcode Fuzzy Hash: 5bb029359a14fe80b98f3d31a1bddee7a09f53b94ef6d4528e1ea31487fdaa44
                                                                                                                                                                    • Instruction Fuzzy Hash: 6031A271A042549ADB10EF29C8C57C67BE8AF14308F4045BAE844DB383D7BED988CB59
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000), ref: 0041938D
                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(00000000), ref: 004193AE
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 004193C9
                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(00000000), ref: 004193EA
                                                                                                                                                                      • Part of subcall function 00423518: GetDC.USER32(00000000), ref: 0042356E
                                                                                                                                                                      • Part of subcall function 00423518: EnumFontsA.GDI32(00000000,00000000,004234B8,004108B0,00000000,?,?,00000000,?,00419423,00000000,?,?,?,00000001), ref: 00423581
                                                                                                                                                                      • Part of subcall function 00423518: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423589
                                                                                                                                                                      • Part of subcall function 00423518: ReleaseDC.USER32(00000000,00000000), ref: 00423594
                                                                                                                                                                      • Part of subcall function 00423ADC: LoadIconA.USER32(00400000,MAINICON), ref: 00423B6C
                                                                                                                                                                      • Part of subcall function 00423ADC: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00419436,00000000,?,?,?,00000001), ref: 00423B99
                                                                                                                                                                      • Part of subcall function 00423ADC: OemToCharA.USER32(?,?), ref: 00423BAC
                                                                                                                                                                      • Part of subcall function 00423ADC: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00419436,00000000,?,?,?,00000001), ref: 00423BEC
                                                                                                                                                                      • Part of subcall function 0041F568: GetVersion.KERNEL32(?,00419440,00000000,?,?,?,00000001), ref: 0041F576
                                                                                                                                                                      • Part of subcall function 0041F568: SetErrorMode.KERNEL32(00008000,?,00419440,00000000,?,?,?,00000001), ref: 0041F592
                                                                                                                                                                      • Part of subcall function 0041F568: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00419440,00000000,?,?,?,00000001), ref: 0041F59E
                                                                                                                                                                      • Part of subcall function 0041F568: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00419440,00000000,?,?,?,00000001), ref: 0041F5AC
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F5DC
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F605
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F61A
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F62F
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F644
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F659
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F66E
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F683
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F698
                                                                                                                                                                      • Part of subcall function 0041F568: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F6AD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$CapsDeviceEnumFileFontsIconLibraryLowerModuleNameProcessReleaseThreadVersion
                                                                                                                                                                    • String ID: ControlOfs%.8X%.8X$Delphi%.8X
                                                                                                                                                                    • API String ID: 316262546-2767913252
                                                                                                                                                                    • Opcode ID: e4565b8fba9480968b1ec32b488455297d6f31b702462cc9ec0cccc8cb2a2db4
                                                                                                                                                                    • Instruction ID: 7870b9ea93aa7f75565cd31cdf92f475c288cd9ab0443d66b722f1effdfa130a
                                                                                                                                                                    • Opcode Fuzzy Hash: e4565b8fba9480968b1ec32b488455297d6f31b702462cc9ec0cccc8cb2a2db4
                                                                                                                                                                    • Instruction Fuzzy Hash: 8D112C70A182419AC300FF36D44279A7AE09BA430CF50893FF488AB3A1DB3D9D458B5E
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,?), ref: 00413AB4
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 00413ABF
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F4), ref: 00413AD1
                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F4,?), ref: 00413AE4
                                                                                                                                                                    • SetPropA.USER32(?,00000000,00000000), ref: 00413AFB
                                                                                                                                                                    • SetPropA.USER32(?,00000000,00000000), ref: 00413B12
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LongWindow$Prop
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3887896539-0
                                                                                                                                                                    • Opcode ID: a72ee32d6cac1f66b8d23ea34dc7313db56b2b1373a44c7e0100784739caab29
                                                                                                                                                                    • Instruction ID: a594f7604add2a8bfce9427623ad02c9736cb33a5a72341fbb506abd62de3718
                                                                                                                                                                    • Opcode Fuzzy Hash: a72ee32d6cac1f66b8d23ea34dc7313db56b2b1373a44c7e0100784739caab29
                                                                                                                                                                    • Instruction Fuzzy Hash: 0811CC75500244BFDF00DF99ED88E9A3BE8EB09364F104276B914DB2E1D739D990CB94
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,00000000,00000000,0047327D,I,?,?,I,00000000,0047346D,?,00000000,?,00000000,?,00473639), ref: 00473259
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,00473284,0047327D,I,?,?,I,00000000,0047346D,?,00000000,?,00000000,?,00473639,?), ref: 00473277
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,00000000,00000000,0047339F,I,?,?,I,00000000,0047346D,?,00000000,?,00000000,?,00473639), ref: 0047337B
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,004733A6,0047339F,I,?,?,I,00000000,0047346D,?,00000000,?,00000000,?,00473639,?), ref: 00473399
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseFileNext
                                                                                                                                                                    • String ID: I
                                                                                                                                                                    • API String ID: 2066263336-1966777607
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045600B,?,00000000,0045604B), ref: 00455F51
                                                                                                                                                                    Strings
                                                                                                                                                                    • PendingFileRenameOperations, xrefs: 00455EF0
                                                                                                                                                                    • WININIT.INI, xrefs: 00455F80
                                                                                                                                                                    • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455ED4
                                                                                                                                                                    • PendingFileRenameOperations2, xrefs: 00455F20
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
                                                                                                                                                                    • API String ID: 47109696-2199428270
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047DFF6,?,?,00000000,0049D62C,00000000,00000000,?,00499E21,00000000,00499FCA,?,00000000), ref: 0047DF33
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,0047DFF6,?,?,00000000,0049D62C,00000000,00000000,?,00499E21,00000000,00499FCA,?,00000000), ref: 0047DF3C
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                    • String ID: Created temporary directory: $\_setup64.tmp$_isetup
                                                                                                                                                                    • API String ID: 1375471231-2952887711
                                                                                                                                                                    APIs
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00458824
                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00458845
                                                                                                                                                                    • CloseHandle.KERNEL32(?,00458878), ref: 0045886B
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                                                                                                                    • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                                                                                                                    • API String ID: 2573145106-3235461205
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042E2A0
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042E43B,00000000,0042E453,?,?,?,?,00000006,?,00000000,00499145), ref: 0042E2BB
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E2C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                    • String ID: RegDeleteKeyExA$advapi32.dll
                                                                                                                                                                    • API String ID: 588496660-1846899949
                                                                                                                                                                    Strings
                                                                                                                                                                    • PrepareToInstall failed: %s, xrefs: 0046CB2E
                                                                                                                                                                    • NextButtonClick, xrefs: 0046C90C
                                                                                                                                                                    • Need to restart Windows? %s, xrefs: 0046CB55
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
                                                                                                                                                                    • API String ID: 0-2329492092
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetActiveWindow.USER32(?,?,00000000,004847C1), ref: 00484594
                                                                                                                                                                    • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00484632
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ActiveChangeNotifyWindow
                                                                                                                                                                    • String ID: $Need to restart Windows? %s
                                                                                                                                                                    • API String ID: 1160245247-4200181552
                                                                                                                                                                    • Opcode ID: e95e4149d93f10ac98785082c4fc4ceca4038cfde1ccddaca60a4915572369ad
                                                                                                                                                                    • Instruction ID: cbf7044c9224e5df34f4324165486d78489046a6efa1a602e4c0c9b5677eb74d
                                                                                                                                                                    • Opcode Fuzzy Hash: e95e4149d93f10ac98785082c4fc4ceca4038cfde1ccddaca60a4915572369ad
                                                                                                                                                                    • Instruction Fuzzy Hash: C591A334A042459FDB10FB66D885B9D77E0AF5A308F1444BBE800973A2D77CAD45CB5E
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042CC54: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042CC78
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00470B35,?,?,0049E1E4,00000000), ref: 00470A12
                                                                                                                                                                    • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00470A8C
                                                                                                                                                                    • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00470AB1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ChangeNotify$ErrorFullLastNamePath
                                                                                                                                                                    • String ID: Creating directory: %s
                                                                                                                                                                    • API String ID: 2451617938-483064649
                                                                                                                                                                    • Opcode ID: 2ae739d9ed6bf71da2b0f4ddd6c174c3087377f3b6365f1c49270e367bab5b85
                                                                                                                                                                    • Instruction ID: 27f0dcb835b35bf1686b0556d16ec1317b7bae4cbab61287d01ee882f408922b
                                                                                                                                                                    • Opcode Fuzzy Hash: 2ae739d9ed6bf71da2b0f4ddd6c174c3087377f3b6365f1c49270e367bab5b85
                                                                                                                                                                    • Instruction Fuzzy Hash: 0251FE74E01248ABDB01DFA5C982BDEB7F5AF48308F50856AE844B7382D7785F04CB59
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 004555EA
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,004556B0), ref: 00455654
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressByteCharMultiProcWide
                                                                                                                                                                    • String ID: SfcIsFileProtected$sfc.dll
                                                                                                                                                                    • API String ID: 2508298434-591603554
                                                                                                                                                                    • Opcode ID: f7e58a0fd106200e4f3bc04200b2cacc58717943215cb6059fe45d01fbc32bb5
                                                                                                                                                                    • Instruction ID: f46810b5b314b431af4f43299c3fabe32507941823b9175d405aae5aeba4d308
                                                                                                                                                                    • Opcode Fuzzy Hash: f7e58a0fd106200e4f3bc04200b2cacc58717943215cb6059fe45d01fbc32bb5
                                                                                                                                                                    • Instruction Fuzzy Hash: 9141A470A00618AFEB20DF55DC95BAD77B8AB04319F5080B7E90CA7292D7789F48CE1D
                                                                                                                                                                    APIs
                                                                                                                                                                    • 74D41520.VERSION(00000000,?,?,?,?), ref: 00452C74
                                                                                                                                                                    • 74D41500.VERSION(00000000,?,00000000,?,00000000,00452CEF,?,00000000,?,?,?,?), ref: 00452CA1
                                                                                                                                                                    • 74D41540.VERSION(?,00452D18,?,?,00000000,?,00000000,?,00000000,00452CEF,?,00000000,?,?,?,?), ref: 00452CBB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: D41500D41520D41540
                                                                                                                                                                    • String ID: )-E
                                                                                                                                                                    • API String ID: 2153611984-3997256589
                                                                                                                                                                    • Opcode ID: 1e3fa64680b4daa2d15fd70f35a4d6916cc241641b57064dc1621c371eabb0d9
                                                                                                                                                                    • Instruction ID: 50707f88950aac898d8c4389756beb7c92bb5193b179b1fc1fca76f0aa7be7f8
                                                                                                                                                                    • Opcode Fuzzy Hash: 1e3fa64680b4daa2d15fd70f35a4d6916cc241641b57064dc1621c371eabb0d9
                                                                                                                                                                    • Instruction Fuzzy Hash: 2B219275A00648AFDB01DAA99D419AFB7FCEB4A301F554077FC00E3282D6B99E088769
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000,00450469,?,?,?,?,00000000,00000000), ref: 004503F8
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000,00450469,?,?,?,?,00000000,00000000), ref: 0045043E
                                                                                                                                                                      • Part of subcall function 00450360: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00450378
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad$DirectorySystem
                                                                                                                                                                    • String ID: RICHED20.DLL$RICHED32.DLL
                                                                                                                                                                    • API String ID: 2630572097-740611112
                                                                                                                                                                    • Opcode ID: 9fcc27b6184eb67fa55648afaa4eab07c2ec715cb05f6099bae96d6f0231ec87
                                                                                                                                                                    • Instruction ID: 45d93e0d121fe09c7a50066aca23a685df4873c559958f5edeb39e7b45036801
                                                                                                                                                                    • Opcode Fuzzy Hash: 9fcc27b6184eb67fa55648afaa4eab07c2ec715cb05f6099bae96d6f0231ec87
                                                                                                                                                                    • Instruction Fuzzy Hash: EB216374900108EFDB10FF61E846B5D77F8EB55319F50447BE500A6162D7785A49CF5C
                                                                                                                                                                    APIs
                                                                                                                                                                    • SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042F201
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                      • Part of subcall function 0042E7E4: SetErrorMode.KERNEL32(00008000), ref: 0042E7EE
                                                                                                                                                                      • Part of subcall function 0042E7E4: LoadLibraryA.KERNEL32(00000000,00000000,0042E838,?,00000000,0042E856,?,00008000), ref: 0042E81D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042F1E4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
                                                                                                                                                                    • String ID: SHAutoComplete$shlwapi.dll
                                                                                                                                                                    • API String ID: 395431579-1506664499
                                                                                                                                                                    • Opcode ID: ef2fe5795da2c79bebcfc8bc045bc88b8cffcc678c25b10b165038ef52182f9f
                                                                                                                                                                    • Instruction ID: f8fd25663858203a515409cfb2833324ac242db414aae85ffba9c986139a78a3
                                                                                                                                                                    • Opcode Fuzzy Hash: ef2fe5795da2c79bebcfc8bc045bc88b8cffcc678c25b10b165038ef52182f9f
                                                                                                                                                                    • Instruction Fuzzy Hash: 9701D274B00718EBE711DB65EC42B5E7BFCDB99704FE000B7B404A2291DAB99E48C62C
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,00456217,?,00000001,00000000), ref: 0045620A
                                                                                                                                                                    Strings
                                                                                                                                                                    • PendingFileRenameOperations, xrefs: 004561DC
                                                                                                                                                                    • PendingFileRenameOperations2, xrefs: 004561EB
                                                                                                                                                                    • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 004561B8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,VtG,?,0049E1E4,?,0046FF73,?,00000000,00470532,?,_is1), ref: 0046FC7F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Value
                                                                                                                                                                    • String ID: Inno Setup: Setup Version$VtG$I
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,00481201), ref: 004810AE
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,00481201), ref: 004810BB
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,004811D4,?,?,?,?,00000000,00481201), ref: 004811B0
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,004811DB,004811D4,?,?,?,?,00000000,00481201), ref: 004811CE
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseFileNext
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetMenu.USER32(00000000), ref: 004217B1
                                                                                                                                                                    • SetMenu.USER32(00000000,00000000), ref: 004217CE
                                                                                                                                                                    • SetMenu.USER32(00000000,00000000), ref: 00421803
                                                                                                                                                                    • SetMenu.USER32(00000000,00000000), ref: 0042181F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Menu
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,?,?,?), ref: 00416FD4
                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00416FEE
                                                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00417008
                                                                                                                                                                    • CallWindowProcA.USER32(?,?,?,?,?), ref: 00417030
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Color$CallMessageProcSendTextWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnumWindows.USER32(00423E6C), ref: 00423EF8
                                                                                                                                                                    • GetWindow.USER32(?,00000003), ref: 00423F0D
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 00423F1C
                                                                                                                                                                    • SetWindowPos.USER32(00000000,004245AC,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004245FB,?,?,004241C3), ref: 00423F52
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$EnumLongWindows
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0042356E
                                                                                                                                                                    • EnumFontsA.GDI32(00000000,00000000,004234B8,004108B0,00000000,?,?,00000000,?,00419423,00000000,?,?,?,00000001), ref: 00423581
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423589
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00423594
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CapsDeviceEnumFontsRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2698912916-0
                                                                                                                                                                    • Opcode ID: bb643e78eddffdc26f40f16d9b8672dcc85dc1c54bcbb46a45d6df83db9bb269
                                                                                                                                                                    • Instruction ID: 3e91f746c00fb2f600ae5fc17e333cd129bb14a9c5a67b8d5949c9a763c02f3d
                                                                                                                                                                    • Opcode Fuzzy Hash: bb643e78eddffdc26f40f16d9b8672dcc85dc1c54bcbb46a45d6df83db9bb269
                                                                                                                                                                    • Instruction Fuzzy Hash: 5C019EB17457102AE710BF6A5C82B9B37A49F0531DF40427FF908AB3C2DA7E990547AE
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForInputIdle.USER32(?,00000032), ref: 00455710
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00455732
                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00455741
                                                                                                                                                                    • CloseHandle.KERNEL32(?,0045576E,00455767,?,?,?,00000000,?,?,00455943,?,?,?,00000044,00000000,00000000), ref: 00455761
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4071923889-0
                                                                                                                                                                    • Opcode ID: e126f15f683302dc559021059a82b558c39c859db7a935f956c73275d63f0053
                                                                                                                                                                    • Instruction ID: d914ecb4f604d225e93de076450c6742835d04a0b91abb11bcb899d5d614385b
                                                                                                                                                                    • Opcode Fuzzy Hash: e126f15f683302dc559021059a82b558c39c859db7a935f956c73275d63f0053
                                                                                                                                                                    • Instruction Fuzzy Hash: 6101B570A40A09FEEB20A7A58D16F7F7BADDB49760F610167F904D32C2C6789D00CA68
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlInitializeCriticalSection.KERNEL32(0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                                                                                    • RtlEnterCriticalSection.KERNEL32(0049D420,0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                                                                                    • LocalAlloc.KERNEL32(00000000,00000FF8,0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                                                                                    • RtlLeaveCriticalSection.KERNEL32(0049D420,00401A89,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 730355536-0
                                                                                                                                                                    • Opcode ID: 6924fe21b1383dcef356c9aa5819c214f6a77f33e1d4e548cd75cfb9fc70e511
                                                                                                                                                                    • Instruction ID: 7339f3ebbe1eed2a5a633cb922c09bf0bd68a71b88021a6e55e3f3fb74b7268e
                                                                                                                                                                    • Opcode Fuzzy Hash: 6924fe21b1383dcef356c9aa5819c214f6a77f33e1d4e548cd75cfb9fc70e511
                                                                                                                                                                    • Instruction Fuzzy Hash: AB01CCB0E482405EFB19AF699902B293FD4D799748F51803BF441A7AF1CA7C6840CB2E
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastActivePopup.USER32(?), ref: 0042469C
                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 004246AD
                                                                                                                                                                    • IsWindowEnabled.USER32(?), ref: 004246B7
                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 004246C1
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2280970139-0
                                                                                                                                                                    • Opcode ID: 964e624a3cbf8c5b4517c95e76b9339d3539c6f5ce3d6abdcbab3e7bb719c7a3
                                                                                                                                                                    • Instruction ID: 92c4e0b2622c21c1aafdf32b5a5e60d634be871c9bac48645995030a32fad986
                                                                                                                                                                    • Opcode Fuzzy Hash: 964e624a3cbf8c5b4517c95e76b9339d3539c6f5ce3d6abdcbab3e7bb719c7a3
                                                                                                                                                                    • Instruction Fuzzy Hash: BBE01261B0293157AA31FA7AA885A9F118CDD47BC43460277BC41F7297DB2CDC1045FD
                                                                                                                                                                    APIs
                                                                                                                                                                    • GlobalHandle.KERNEL32 ref: 0040627F
                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00406286
                                                                                                                                                                    • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 0040628B
                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00406291
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$AllocHandleLockUnlock
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2167344118-0
                                                                                                                                                                    • Opcode ID: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                                                                                    • Instruction ID: 024a49765fc045a09389489d8ed5919b86daafa6bea6a005e9f609907830066e
                                                                                                                                                                    • Opcode Fuzzy Hash: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                                                                                    • Instruction Fuzzy Hash: 64B009C6925A46B8EC0473B24C4BD3F041CE88472C3809A6E7554BA0839C7C9C002E3A
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00451070: SetEndOfFile.KERNEL32(?,?,0045CB3E,00000000,0045CCC9,?,00000000,00000002,00000002), ref: 00451077
                                                                                                                                                                    • FlushFileBuffers.KERNEL32(?), ref: 0045CC95
                                                                                                                                                                    Strings
                                                                                                                                                                    • NumRecs range exceeded, xrefs: 0045CB92
                                                                                                                                                                    • EndOffset range exceeded, xrefs: 0045CBC9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$BuffersFlush
                                                                                                                                                                    • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                                                                                                                    • API String ID: 3593489403-659731555
                                                                                                                                                                    • Opcode ID: 69559d5369597ea91ae9cee70a3000ef17ba892e4adcf601713595c8f1485f33
                                                                                                                                                                    • Instruction ID: 609741d3f79eabe780872f94ce4b5bf90fe53003262008b9b2f446b63576a9fa
                                                                                                                                                                    • Opcode Fuzzy Hash: 69559d5369597ea91ae9cee70a3000ef17ba892e4adcf601713595c8f1485f33
                                                                                                                                                                    • Instruction Fuzzy Hash: 6E615234A002588FDB25DF25D881BDAB7B5EF49305F0084DAED899B352D6B4AEC8CF54
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetForegroundWindow.USER32(00000000,00484B02,?,00000000,00484B43,?,?,?,?,00000000,00000000,00000000,?,0046CA59), ref: 004849B1
                                                                                                                                                                    • SetActiveWindow.USER32(?,00000000,00484B02,?,00000000,00484B43,?,?,?,?,00000000,00000000,00000000,?,0046CA59), ref: 004849C3
                                                                                                                                                                    Strings
                                                                                                                                                                    • Will not restart Windows automatically., xrefs: 00484AE2
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$ActiveForeground
                                                                                                                                                                    • String ID: Will not restart Windows automatically.
                                                                                                                                                                    • API String ID: 307657957-4169339592
                                                                                                                                                                    • Opcode ID: c9c993bdde4408d4bafca46910d4f67dbffee6178d01296e48f25077ee304dc7
                                                                                                                                                                    • Instruction ID: e3ffbfa0a86cb08642d5b37a1a1eca219a4b332c0ee086946791bcc458de558f
                                                                                                                                                                    • Opcode Fuzzy Hash: c9c993bdde4408d4bafca46910d4f67dbffee6178d01296e48f25077ee304dc7
                                                                                                                                                                    • Instruction Fuzzy Hash: 64415930644245EFD714FFA6EC05B6E7BE4D795308F1948B7E8405B392E2BC9800971E
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,0049A49E), ref: 0040334B
                                                                                                                                                                      • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,0049A49E), ref: 00403356
                                                                                                                                                                      • Part of subcall function 004063F4: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,0040668E,?,?,?,?,00000000,?,0049A4A8), ref: 0040640F
                                                                                                                                                                      • Part of subcall function 004063F4: GetVersion.KERNEL32(kernel32.dll,00000000,0040668E,?,?,?,?,00000000,?,0049A4A8), ref: 00406416
                                                                                                                                                                      • Part of subcall function 004063F4: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0040642B
                                                                                                                                                                      • Part of subcall function 004063F4: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00406453
                                                                                                                                                                      • Part of subcall function 00406814: 6F551CD0.COMCTL32(0049A4AD), ref: 00406814
                                                                                                                                                                      • Part of subcall function 00410BB4: GetCurrentThreadId.KERNEL32 ref: 00410C02
                                                                                                                                                                      • Part of subcall function 00419490: GetVersion.KERNEL32(0049A4C6), ref: 00419490
                                                                                                                                                                      • Part of subcall function 0044FD1C: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,0049A4DA), ref: 0044FD57
                                                                                                                                                                      • Part of subcall function 0044FD1C: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044FD5D
                                                                                                                                                                      • Part of subcall function 004501E8: GetVersionExA.KERNEL32(0049D794,0049A4DF), ref: 004501F7
                                                                                                                                                                      • Part of subcall function 00453934: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004539F2,?,?,?,?,00000000,00000000,?,0049A4EE), ref: 00453956
                                                                                                                                                                      • Part of subcall function 00453934: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0045395C
                                                                                                                                                                      • Part of subcall function 00453934: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004539F2,?,?,?,?,00000000,00000000,?,0049A4EE), ref: 00453970
                                                                                                                                                                      • Part of subcall function 00453934: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453976
                                                                                                                                                                      • Part of subcall function 00457850: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004578AA
                                                                                                                                                                      • Part of subcall function 00465214: LoadLibraryA.KERNEL32(00000000,SHPathPrepareForWriteA,00000000,0046528A,?,?,?,?,00000000,00000000,?,0049A502), ref: 0046525F
                                                                                                                                                                      • Part of subcall function 00465214: GetProcAddress.KERNEL32(00000000,00000000), ref: 00465265
                                                                                                                                                                      • Part of subcall function 0046DAB0: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046DAFB
                                                                                                                                                                      • Part of subcall function 00479E68: GetModuleHandleA.KERNEL32(kernel32.dll,?,0049A50C), ref: 00479E6E
                                                                                                                                                                      • Part of subcall function 00479E68: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00479E7B
                                                                                                                                                                      • Part of subcall function 00479E68: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00479E8B
                                                                                                                                                                      • Part of subcall function 00485374: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00485485
                                                                                                                                                                      • Part of subcall function 0049749C: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 004974B5
                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000000,0049A554), ref: 0049A526
                                                                                                                                                                      • Part of subcall function 0049A250: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0049A530,00000001,00000000,0049A554), ref: 0049A25A
                                                                                                                                                                      • Part of subcall function 0049A250: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0049A260
                                                                                                                                                                      • Part of subcall function 00424924: SendMessageA.USER32(?,0000B020,00000000,?), ref: 00424943
                                                                                                                                                                      • Part of subcall function 00424714: SetWindowTextA.USER32(?,00000000), ref: 0042472C
                                                                                                                                                                    • ShowWindow.USER32(?,00000005,00000000,0049A554), ref: 0049A587
                                                                                                                                                                      • Part of subcall function 004839B4: SetActiveWindow.USER32(?), ref: 00483A62
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModule$VersionWindow$ActiveClipboardCommandCurrentErrorF551FormatLibraryLineLoadMessageModeRegisterSendShowTextThread
                                                                                                                                                                    • String ID: Setup
                                                                                                                                                                    • API String ID: 2300352135-3839654196
                                                                                                                                                                    • Opcode ID: cdfde2e51fe0698aa6b85e30c0a1c237bbea7d7fd99d79f8e074734ecee56c62
                                                                                                                                                                    • Instruction ID: 2627a5300f3eb19f067de96b875d46ae0be93d5911e26a22e66c9acfb87dca20
                                                                                                                                                                    • Opcode Fuzzy Hash: cdfde2e51fe0698aa6b85e30c0a1c237bbea7d7fd99d79f8e074734ecee56c62
                                                                                                                                                                    • Instruction Fuzzy Hash: AA31B3712046409EDB01BBB7AC1391D3BA8EB8971CB62487FF90486563DE3D5C24867F
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0045427B,?,?,00000000,0049D62C,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004541D2
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,?,00000000,0045427B,?,?,00000000,0049D62C,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004541DB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                    • String ID: .tmp
                                                                                                                                                                    • API String ID: 1375471231-2986845003
                                                                                                                                                                    • Opcode ID: fa273258b3ec56b456342b1cdfe136cd5b585a242879acb377c2eea90c105953
                                                                                                                                                                    • Instruction ID: f8da180511d522ff1cc3db6e91f047bd7ddaecfb92c8c1642a91e8309ff3a61b
                                                                                                                                                                    • Opcode Fuzzy Hash: fa273258b3ec56b456342b1cdfe136cd5b585a242879acb377c2eea90c105953
                                                                                                                                                                    • Instruction Fuzzy Hash: 19214E75A002189BDB01EFA1C8465DEB7BDEF44305F50457BF801B7382D67C5E458BA9
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00484E68: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00484E79
                                                                                                                                                                      • Part of subcall function 00484E68: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00484E86
                                                                                                                                                                      • Part of subcall function 00484E68: GetNativeSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00484E94
                                                                                                                                                                      • Part of subcall function 00484E68: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00484E9C
                                                                                                                                                                      • Part of subcall function 00484E68: GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00484EA8
                                                                                                                                                                      • Part of subcall function 00484E68: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00484EC9
                                                                                                                                                                      • Part of subcall function 00484E68: GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00484EDC
                                                                                                                                                                      • Part of subcall function 00484E68: GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00484EE2
                                                                                                                                                                      • Part of subcall function 00485194: GetVersionExA.KERNEL32(?,004853AA,00000000,004854AA,?,?,?,?,00000000,00000000,?,0049A511), ref: 004851A2
                                                                                                                                                                      • Part of subcall function 00485194: GetVersionExA.KERNEL32(0000009C,?,004853AA,00000000,004854AA,?,?,?,?,00000000,00000000,?,0049A511), ref: 004851F4
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                      • Part of subcall function 0042E7E4: SetErrorMode.KERNEL32(00008000), ref: 0042E7EE
                                                                                                                                                                      • Part of subcall function 0042E7E4: LoadLibraryA.KERNEL32(00000000,00000000,0042E838,?,00000000,0042E856,?,00008000), ref: 0042E81D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00485485
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModuleSystemVersion$CurrentDirectoryErrorInfoLibraryLoadModeNativeProcess
                                                                                                                                                                    • String ID: SHGetKnownFolderPath$shell32.dll
                                                                                                                                                                    • API String ID: 1303913335-2936008475
                                                                                                                                                                    • Opcode ID: 8d9af6f5cb47815f3ef02b670df531d4aca205f4dd503ff5ab0741a2b0aad5e0
                                                                                                                                                                    • Instruction ID: 7070cd684f6103364e9f8a31a7d8965128adaac247882cc77746aeeddc076857
                                                                                                                                                                    • Opcode Fuzzy Hash: 8d9af6f5cb47815f3ef02b670df531d4aca205f4dd503ff5ab0741a2b0aad5e0
                                                                                                                                                                    • Instruction Fuzzy Hash: F9215E70600200ABC711FFAF995674E37A4EB9570CB51993FF400AB2D1D77DA8059B6E
                                                                                                                                                                    APIs
                                                                                                                                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 00455A94
                                                                                                                                                                    • GetLastError.KERNEL32(0000003C,00000000,00455ADD,?,?,?), ref: 00455AA5
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DirectoryErrorExecuteLastShellSystem
                                                                                                                                                                    • String ID: <
                                                                                                                                                                    • API String ID: 893404051-4251816714
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004577E0: CoInitialize.OLE32(00000000), ref: 004577E6
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                      • Part of subcall function 0042E7E4: SetErrorMode.KERNEL32(00008000), ref: 0042E7EE
                                                                                                                                                                      • Part of subcall function 0042E7E4: LoadLibraryA.KERNEL32(00000000,00000000,0042E838,?,00000000,0042E856,?,00008000), ref: 0042E81D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004578AA
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressDirectoryErrorInitializeLibraryLoadModeProcSystem
                                                                                                                                                                    • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                                                                                                                    • API String ID: 1013667774-2320870614
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                      • Part of subcall function 0042E7E4: SetErrorMode.KERNEL32(00008000), ref: 0042E7EE
                                                                                                                                                                      • Part of subcall function 0042E7E4: LoadLibraryA.KERNEL32(00000000,00000000,0042E838,?,00000000,0042E856,?,00008000), ref: 0042E81D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046DAFB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressDirectoryErrorLibraryLoadModeProcSystem
                                                                                                                                                                    • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                                                                                    • API String ID: 2552568031-2683653824
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047DC36,00000000,0047DC4C), ref: 0047D946
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close
                                                                                                                                                                    • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                                                                                    • API String ID: 3535843008-1113070880
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0047661B), ref: 00476409
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0047661B), ref: 00476420
                                                                                                                                                                      • Part of subcall function 00453C04: GetLastError.KERNEL32(00000000,00454799,00000005,00000000,004547CE,?,?,00000000,0049D62C,00000004,00000000,00000000,00000000,?,00499C8D,00000000), ref: 00453C07
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                    • String ID: CreateFile
                                                                                                                                                                    • API String ID: 2528220319-823142352
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0047034A,?,?,00000000,00470532,?,_is1,?), ref: 0046FCDF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Value
                                                                                                                                                                    • String ID: NoModify$I
                                                                                                                                                                    • API String ID: 3702945584-1047506205
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemMenu.USER32(00000000,00000000,00000000,004831A0), ref: 00483138
                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00483149
                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00483161
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Menu$Append$System
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1489644407-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0044B8A1
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0044B8C4
                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0044B8F7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ObjectReleaseSelect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1831053106-0
                                                                                                                                                                    • Opcode ID: aebefea9080a2ffce71cc44d900bb6067fbd40711943de4e6aa6f899a124bbe5
                                                                                                                                                                    • Instruction ID: 488fbe92d3dbd6553530e1f28a7071e145c326c324a604cd7e83169de99d3e99
                                                                                                                                                                    • Opcode Fuzzy Hash: aebefea9080a2ffce71cc44d900bb6067fbd40711943de4e6aa6f899a124bbe5
                                                                                                                                                                    • Instruction Fuzzy Hash: B321A470E043086FEB05EFA5C841B9EBBB8EB48304F0184BAF504A6292D73CD940CB58
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B5EC,?,004839CF,?,?), ref: 0044B5BE
                                                                                                                                                                    • DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B5D1
                                                                                                                                                                    • DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B605
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DrawText$ByteCharMultiWide
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 65125430-0
                                                                                                                                                                    • Opcode ID: 220ba5cac8d50b27136c7947ff428b4d5b30f8bb344e0136b885afe7086c5f85
                                                                                                                                                                    • Instruction ID: c4c5e2dbcf53f363daa0ac06871d419456bbfc1076f0fbe0a6f7c1d9791685bd
                                                                                                                                                                    • Opcode Fuzzy Hash: 220ba5cac8d50b27136c7947ff428b4d5b30f8bb344e0136b885afe7086c5f85
                                                                                                                                                                    • Instruction Fuzzy Hash: 1011CBB27045047FE711DB5A9C81D6FB7ECEB89714F10417BF514D72D0D6389E018669
                                                                                                                                                                    APIs
                                                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424862
                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 004248DF
                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 004248E9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4217535847-0
                                                                                                                                                                    • Opcode ID: 1d5f45652bc976909b78a8fda5e55899e4ac3f100e933d79a059951e0026f3ac
                                                                                                                                                                    • Instruction ID: c7af1bd1b10d32b98fa997e15213bd70182e4a6faef26a56c53dd2d0e562e7a0
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d5f45652bc976909b78a8fda5e55899e4ac3f100e933d79a059951e0026f3ac
                                                                                                                                                                    • Instruction Fuzzy Hash: 7111C4343143905AEA20F664A94179B73D4DFD1B04F81481FF8D947382D3BD9D49876B
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetPropA.USER32(00000000,00000000), ref: 00416ABA
                                                                                                                                                                    • SetPropA.USER32(00000000,00000000), ref: 00416ACF
                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 00416AF6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Prop$Window
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3363284559-0
                                                                                                                                                                    • Opcode ID: 120d831fd0e7c0f5eedd88e24305ab6ef8b5e2b9243d669fe5121d0f27645725
                                                                                                                                                                    • Instruction ID: ba7ff3a79511e9fd345c6eb2e7309737472e1a66b8435aad7f351e84ed883601
                                                                                                                                                                    • Opcode Fuzzy Hash: 120d831fd0e7c0f5eedd88e24305ab6ef8b5e2b9243d669fe5121d0f27645725
                                                                                                                                                                    • Instruction Fuzzy Hash: 24F0B271701210ABD710AB698C85FA636ECAF0D755F16417ABA05EF286C679DC4087A8
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0041F2B4
                                                                                                                                                                    • IsWindowEnabled.USER32(?), ref: 0041F2BE
                                                                                                                                                                    • EnableWindow.USER32(?,00000000), ref: 0041F2E4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$EnableEnabledVisible
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3234591441-0
                                                                                                                                                                    • Opcode ID: f8c63cb9eb03fe3057432f7fc847cbb230a844cb3caf0d06e376941515be7c19
                                                                                                                                                                    • Instruction ID: f88b3158499dd9289c75302ad3040ea965d59b676cda83e5cbf87f6be83bac28
                                                                                                                                                                    • Opcode Fuzzy Hash: f8c63cb9eb03fe3057432f7fc847cbb230a844cb3caf0d06e376941515be7c19
                                                                                                                                                                    • Instruction Fuzzy Hash: 56E06D74200200ABE310AB26ED81A56779CEB10314F118437A849AB293D63AD8458ABC
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetForegroundWindow.USER32(00000000,00000000,?,?,0048486D,?,00484952,?,?,00000000), ref: 0048480E
                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 00484820
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,00000000,00000000,?,?,0048486D,?,00484952,?,?,00000000), ref: 00484829
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessWindow$CurrentForegroundThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3477312055-0
                                                                                                                                                                    • Opcode ID: 9f51dd0a086dfbcb1114822517b22dcc69f79606d1d2df2038485f7abb79e1d8
                                                                                                                                                                    • Instruction ID: 1f5535e564554d04b279d15e2d0f53a7c3fa56dd59ea92930bb6cd4aac111565
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f51dd0a086dfbcb1114822517b22dcc69f79606d1d2df2038485f7abb79e1d8
                                                                                                                                                                    • Instruction Fuzzy Hash: 79D01273506A2A7E6610F5E96D81CAFB39CD900758714017BF904A2241EA299E0486BD
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetActiveWindow.USER32(?), ref: 0046ACB1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ActiveWindow
                                                                                                                                                                    • String ID: PrepareToInstall
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: /:*?"<>|
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetActiveWindow.USER32(?), ref: 00483A62
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ActiveWindow
                                                                                                                                                                    • String ID: InitializeWizard
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlUnwind.KERNEL32(?,?,Function_00002E70,00000000,?,?,Function_00002E70,?), ref: 00402EDC
                                                                                                                                                                      • Part of subcall function 00402D90: RaiseException.KERNEL32(0EEDFAD4,00000000,00000002), ref: 00402DA6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionRaiseUnwind
                                                                                                                                                                    • String ID: /@
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047DA4C,00000000,0047DC4C), ref: 0047D845
                                                                                                                                                                    Strings
                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion, xrefs: 0047D815
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    Strings
                                                                                                                                                                    • System\CurrentControlSet\Control\Windows, xrefs: 0042E286
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open
                                                                                                                                                                    • String ID: System\CurrentControlSet\Control\Windows
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetACP.KERNEL32(?,?,00000001,00000000,0047FA57,?,-0000001A,00481956,-00000010,?,00000004,0000001C,00000000,00481CA3,?,0045E364), ref: 0047F7EE
                                                                                                                                                                      • Part of subcall function 0042E76C: GetDC.USER32(00000000), ref: 0042E77B
                                                                                                                                                                      • Part of subcall function 0042E76C: EnumFontsA.GDI32(?,00000000,0042E758,00000000,00000000,0042E7C4,?,00000000,00000000,?,?,00000001,00000000,00000002,00000000,00482671), ref: 0042E7A6
                                                                                                                                                                      • Part of subcall function 0042E76C: ReleaseDC.USER32(00000000,?), ref: 0042E7BE
                                                                                                                                                                    • SendNotifyMessageA.USER32(00010432,00000496,00002711,-00000001), ref: 0047F9BE
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EnumFontsMessageNotifyReleaseSend
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlEnterCriticalSection.KERNEL32(0049D420,00000000,004021FC), ref: 004020CB
                                                                                                                                                                      • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                                                                                      • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049D420,0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                                                                                      • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                                                                                      • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049D420,00401A89,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 296031713-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042E188), ref: 0042E08C
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042E188), ref: 0042E0FC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042E426,?,?,00000008,00000000,00000000,0042E453), ref: 0042E3BC
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,0042E42D,?,00000000,00000000,00000000,00000000,00000000,0042E426,?,?,00000008,00000000,00000000,0042E453), ref: 0042E420
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseEnum
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2818636725-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,00000000,?,?,00458A74,00000000,00458A5C,?,?,?,00000000,00452FA6,?,?,?,00000001), ref: 00452F80
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,?,?,00458A74,00000000,00458A5C,?,?,?,00000000,00452FA6,?,?,?,00000001), ref: 00452F88
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateErrorLastProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2919029540-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040B242
                                                                                                                                                                    • FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040B39F,00000000,0040B3B7,?,?,?,00000000), ref: 0040B253
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Resource$FindFree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4097029671-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0041F343
                                                                                                                                                                    • EnumThreadWindows.USER32(00000000,0041F2A4,00000000), ref: 0041F349
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Thread$CurrentEnumWindows
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2396873506-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • MoveFileA.KERNEL32(00000000,00000000), ref: 00453406
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,0045342C), ref: 0045340E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastMove
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 55378915-0
                                                                                                                                                                    • Opcode ID: 1548faf8a9677bd12e98f2e2d243f9d82652a592f520366f9bcd72908c48431c
                                                                                                                                                                    • Instruction ID: 0cc30b72992c59045a3cb8216ce3619e412531a307d766600c380e57d1775dbb
                                                                                                                                                                    • Opcode Fuzzy Hash: 1548faf8a9677bd12e98f2e2d243f9d82652a592f520366f9bcd72908c48431c
                                                                                                                                                                    • Instruction Fuzzy Hash: 6101D671B04204BB8701EFB9AC4249EB7ECDB49766760457BFC04E3242EA789F088558
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00452F13), ref: 00452EED
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00452F13), ref: 00452EF5
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1375471231-0
                                                                                                                                                                    • Opcode ID: 7cb2c570ac219d0ee22c88f96f5bf87a62d98c3fd0f6f1ca7cf3871b5df67843
                                                                                                                                                                    • Instruction ID: 89335b5e5455deb896f2d2efe83bb95299e3db0618b413de6719cdd134c6b725
                                                                                                                                                                    • Opcode Fuzzy Hash: 7cb2c570ac219d0ee22c88f96f5bf87a62d98c3fd0f6f1ca7cf3871b5df67843
                                                                                                                                                                    • Instruction Fuzzy Hash: CEF02872A04304BBCB01EF75AD0259EB3E8DB0A321B5045BBFC04E3282E7B94E049698
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 00423699
                                                                                                                                                                    • LoadCursorA.USER32(00000000,00000000), ref: 004236C3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CursorLoad
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3238433803-0
                                                                                                                                                                    • Opcode ID: f140cec9cfa9b30dc2305244e4258a11cf30c4d8c1b352010c949b8b0dda8ca8
                                                                                                                                                                    • Instruction ID: 05fd857f6409e6a60644ea24615d01c87e42662e453bf4d6e4e1dfbb00014e4e
                                                                                                                                                                    • Opcode Fuzzy Hash: f140cec9cfa9b30dc2305244e4258a11cf30c4d8c1b352010c949b8b0dda8ca8
                                                                                                                                                                    • Instruction Fuzzy Hash: F2F0A7517002107ADA205E3E6CC0A2A72ADCBC1735B61437BFA2AE73D1C72D5D45556D
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(00008000), ref: 0042E7EE
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000,0042E838,?,00000000,0042E856,?,00008000), ref: 0042E81D
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLibraryLoadMode
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2987862817-0
                                                                                                                                                                    • Opcode ID: 9b4fdb90dd8f6dfc429e23110810c204407b66d19ffb3595c1bc568b2ae7c347
                                                                                                                                                                    • Instruction ID: 76a16bdd6934cf9e499703eeb82aeaab1faf94a78ecb328ba4f7015bbedd62a6
                                                                                                                                                                    • Opcode Fuzzy Hash: 9b4fdb90dd8f6dfc429e23110810c204407b66d19ffb3595c1bc568b2ae7c347
                                                                                                                                                                    • Instruction Fuzzy Hash: 13F08270B14744BEDB116F779C6282BBBECE749B1079348B6F800A3A91E63C4C10C968
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersion.KERNEL32(?,0046EE9A), ref: 0046EE0E
                                                                                                                                                                    • CoCreateInstance.OLE32(0049BB9C,00000000,00000001,0049BBAC,?,?,0046EE9A), ref: 0046EE2A
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateInstanceVersion
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1462612201-0
                                                                                                                                                                    • Opcode ID: 780da2f8f06851a502736db72271cf8d77c3ee5523c6db3b3ed376e5da340fe9
                                                                                                                                                                    • Instruction ID: 784abeb2b863a263b0685f2ce256345c834679a9cfc70721c753cc97000ad865
                                                                                                                                                                    • Opcode Fuzzy Hash: 780da2f8f06851a502736db72271cf8d77c3ee5523c6db3b3ed376e5da340fe9
                                                                                                                                                                    • Instruction Fuzzy Hash: 2AF0E534241310EEFB11E72BDC4AB4A3BC4AB25714F14403BF144972A1E3EE94808B6F
                                                                                                                                                                    APIs
                                                                                                                                                                    • SHGetKnownFolderPath.SHELL32(0049BD54,00008000,00000000,?), ref: 0047DBA5
                                                                                                                                                                    • CoTaskMemFree.OLE32(?,0047DBE8), ref: 0047DBDB
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FolderFreeKnownPathTask
                                                                                                                                                                    • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                                                                    • API String ID: 969438705-544719455
                                                                                                                                                                    • Opcode ID: 40c9fceec1849ef55c2d9e9b165fa2d81ca6f89bfe3325e062340eef34f4dc70
                                                                                                                                                                    • Instruction ID: 547cb950fcd41f41a68947569da9652c82defc7c7397c5e87919afd81bca1a0c
                                                                                                                                                                    • Opcode Fuzzy Hash: 40c9fceec1849ef55c2d9e9b165fa2d81ca6f89bfe3325e062340eef34f4dc70
                                                                                                                                                                    • Instruction Fuzzy Hash: F5E06534714640BEEB119A619D12B5977B8EB85B04FB28476F50496690D678A9009A18
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,00470FA5,?,00000000), ref: 00451052
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000002,?,?,00470FA5,?,00000000), ref: 0045105A
                                                                                                                                                                      • Part of subcall function 00450DF8: GetLastError.KERNEL32(00450C14,00450EBA,?,00000000,?,00499714,00000001,00000000,00000002,00000000,00499875,?,?,00000005,00000000,004998A9), ref: 00450DFB
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$FilePointer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1156039329-0
                                                                                                                                                                    • Opcode ID: 57e3a47998fe8597b6042e5f5bf28c6be865df3206a1389c22972bb96d3862bd
                                                                                                                                                                    • Instruction ID: e16622de0e040581c0824a6ac5d1d77e375427595308dce999b5737054ed6bda
                                                                                                                                                                    • Opcode Fuzzy Hash: 57e3a47998fe8597b6042e5f5bf28c6be865df3206a1389c22972bb96d3862bd
                                                                                                                                                                    • Instruction Fuzzy Hash: 86E012B5344201ABE700FAB599C1F2B22DCDB44755F10846AF944DA187D674DC498B35
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00484846
                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 0048483D
                                                                                                                                                                      • Part of subcall function 00484808: GetForegroundWindow.USER32(00000000,00000000,?,?,0048486D,?,00484952,?,?,00000000), ref: 0048480E
                                                                                                                                                                      • Part of subcall function 00484808: GetWindowThreadProcessId.USER32(00000000,?), ref: 00484820
                                                                                                                                                                      • Part of subcall function 00484808: GetCurrentProcessId.KERNEL32(00000000,?,00000000,00000000,?,?,0048486D,?,00484952,?,?,00000000), ref: 00484829
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CountProcessTickWindow$CurrentForegroundThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 711787588-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Virtual$AllocFree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2087232378-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemDefaultLCID.KERNEL32(00000000,00408B62), ref: 00408A4B
                                                                                                                                                                      • Part of subcall function 0040723C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00407259
                                                                                                                                                                      • Part of subcall function 004089B8: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049D4C4,00000001,?,00408A83,?,00000000,00408B62), ref: 004089D6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1658689577-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetScrollInfo.USER32(00000000,?,?,00000001), ref: 00420089
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoScroll
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 629608716-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0041F2F4: GetCurrentThreadId.KERNEL32 ref: 0041F343
                                                                                                                                                                      • Part of subcall function 0041F2F4: EnumThreadWindows.USER32(00000000,0041F2A4,00000000), ref: 0041F349
                                                                                                                                                                    • SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046D16E,?,00000000,?,?,0046D380,?,00000000,0046D3F4), ref: 0046D152
                                                                                                                                                                      • Part of subcall function 0041F3A8: IsWindow.USER32(?), ref: 0041F3B6
                                                                                                                                                                      • Part of subcall function 0041F3A8: EnableWindow.USER32(?,00000001), ref: 0041F3C5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ThreadWindow$CurrentEnableEnumPathPrepareWindowsWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3319771486-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042CC78
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FullNamePath
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 608056474-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 004169D5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 716092398-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00414E3F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                    • Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
                                                                                                                                                                    • Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
                                                                                                                                                                    • Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
                                                                                                                                                                    • Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00450F48
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                    • Opcode ID: 00d3b0e571f0f9799c9202ce425a31b8579894210baf7755ca9a5e27d392a7a4
                                                                                                                                                                    • Instruction ID: 8219f7e09200e9d280371fd8822ce49b3febf2e1364c7dcaf59ee2aef9f1cf3d
                                                                                                                                                                    • Opcode Fuzzy Hash: 00d3b0e571f0f9799c9202ce425a31b8579894210baf7755ca9a5e27d392a7a4
                                                                                                                                                                    • Instruction Fuzzy Hash: E2E0EDB53541483ED6809AAD7D42F9667DCD71A724F008033B998D7241D5619D158BE8
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,0042D164,?,00000001,?,?,00000000,?,0042D1B6,00000000,00453169,00000000,0045318A,?,00000000), ref: 0042D147
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                    • Opcode ID: 52a97f63493a2405b18f7ceeeb4c5583b1fc3ffb9d272bcba16263c996160de7
                                                                                                                                                                    • Instruction ID: 9806b9c164805e7544688198397d180b04c1e4ca63c7d3d80aa3ce68cdb407ca
                                                                                                                                                                    • Opcode Fuzzy Hash: 52a97f63493a2405b18f7ceeeb4c5583b1fc3ffb9d272bcba16263c996160de7
                                                                                                                                                                    • Instruction Fuzzy Hash: 74E09271704704BFD701EF62DC53E6BBBECDB89B18BA14876B400E7692D6789E10D468
                                                                                                                                                                    APIs
                                                                                                                                                                    • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004539D7,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042ED37
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FormatMessage
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1306739567-0
                                                                                                                                                                    • Opcode ID: 09ac2101c8e17b0b2705a927b8a5b1ff093a5eaf49e610a8aec8846a662564db
                                                                                                                                                                    • Instruction ID: 20bfa46e39afc277729b0f592bdc1926ad718625f52f7f76be7811270f12921f
                                                                                                                                                                    • Opcode Fuzzy Hash: 09ac2101c8e17b0b2705a927b8a5b1ff093a5eaf49e610a8aec8846a662564db
                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE0206179471216F2351416AC47B77530E43C0704F944436BF50DD3E3D6AED906465E
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,00423ACC,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,0042405C), ref: 00406321
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 716092398-0
                                                                                                                                                                    • Opcode ID: 9dc46ec25ca5ecaaaae1fbad39bdca196911fb58cef97937ba07dcb482697fa8
                                                                                                                                                                    • Instruction ID: 1e3b386673cc32b76f3712ab4659b14af7d7742474b1f2ca80afcc4f691b27f6
                                                                                                                                                                    • Opcode Fuzzy Hash: 9dc46ec25ca5ecaaaae1fbad39bdca196911fb58cef97937ba07dcb482697fa8
                                                                                                                                                                    • Instruction Fuzzy Hash: 26E002B221430DBFDB00DE8ADCC1DABB7ACFB4C654F808105BB1C972528675AC608B71
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042E260
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Create
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                                    • Opcode ID: 5347a797c781b98567e2e52ffd135a3f9820974f1ad95a252eafdff03c881ffc
                                                                                                                                                                    • Instruction ID: 1b6ad3e9ff9242377371a87229ab788a86a92e19cf0220c3a89558970fe9bf90
                                                                                                                                                                    • Opcode Fuzzy Hash: 5347a797c781b98567e2e52ffd135a3f9820974f1ad95a252eafdff03c881ffc
                                                                                                                                                                    • Instruction Fuzzy Hash: 58E07EB6600119AF9B40DE8DDC81EEB37ADAB5D360F444016FA48E7200C2B8EC519BB4
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindClose.KERNEL32(00000000,000000FF,0047194C,00000000,00472768,?,00000000,004727B1,?,00000000,004728EA,?,00000000,?,00000000,I), ref: 00455376
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseFind
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1863332320-0
                                                                                                                                                                    • Opcode ID: ca08d6a41a3365b0c39789ed8bfd002e1521f24d9fbafcb97c0f2956e0611627
                                                                                                                                                                    • Instruction ID: 8b71881552422ad0faea9fb58b8cbe3f8cf10286c40a53e64c89ff98b22cfa58
                                                                                                                                                                    • Opcode Fuzzy Hash: ca08d6a41a3365b0c39789ed8bfd002e1521f24d9fbafcb97c0f2956e0611627
                                                                                                                                                                    • Instruction Fuzzy Hash: 74E09BB0504A004BC714DF7A848132A77D15F84321F04C96ABC9CCB7D7E67C84154667
                                                                                                                                                                    APIs
                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(004972CE,?,004972F0,?,?,00000000,004972CE,?,?), ref: 00414AEB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00407374
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00423A48: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 00423A5D
                                                                                                                                                                    • ShowWindow.USER32(004108B0,00000009,?,00000000,0041F1F4,00423D8A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,0042405C), ref: 00423AB7
                                                                                                                                                                      • Part of subcall function 00423A78: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423A94
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoParametersSystem$ShowWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3202724764-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetWindowTextA.USER32(?,00000000), ref: 0042472C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 530164218-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,00451D0F,00000000), ref: 0042D17F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00468491,00000000,00000000,00000000,0000000C,00000000), ref: 004677E4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040AB24,0040D0D0,?,00000000,?), ref: 0040732D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?,?,00000000), ref: 0041F800
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                    • Opcode ID: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
                                                                                                                                                                    • Instruction ID: 48f25c4fc7afed193c39a16cc91a0304f94a1296cd048c63733264e3b5f0309e
                                                                                                                                                                    • Opcode Fuzzy Hash: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
                                                                                                                                                                    • Instruction Fuzzy Hash: D2D0C932100108AFDB018E94AC018677B69EB48210B148815FD0485221D633E831AA91
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetEndOfFile.KERNEL32(?,?,0045CB3E,00000000,0045CCC9,?,00000000,00000002,00000002), ref: 00451077
                                                                                                                                                                      • Part of subcall function 00450DF8: GetLastError.KERNEL32(00450C14,00450EBA,?,00000000,?,00499714,00000001,00000000,00000002,00000000,00499875,?,?,00000005,00000000,004998A9), ref: 00450DFB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 734332943-0
                                                                                                                                                                    • Opcode ID: 46bffcc4190b32f1737510e309765b0f9d847fb6a3bc417c92e668a4702f1f8e
                                                                                                                                                                    • Instruction ID: c64e7bd530bf7aca0fb3f38fdfe864b922b4b7832701085435935f337d1370ec
                                                                                                                                                                    • Opcode Fuzzy Hash: 46bffcc4190b32f1737510e309765b0f9d847fb6a3bc417c92e668a4702f1f8e
                                                                                                                                                                    • Instruction Fuzzy Hash: 0BC04CA5340140578F40A6AE85C1A1663DC9E193493504066B904DF657D669D8484A15
                                                                                                                                                                    APIs
                                                                                                                                                                    • DeleteFileA.KERNEL32(00000000,0049D62C,00499FD9,00000000,0049A02E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 004073AB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DeleteFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4033686569-0
                                                                                                                                                                    • Opcode ID: 1d09817a83adc629a21718d624ef61e5b620106610f408d65fcdebf0bc547e7b
                                                                                                                                                                    • Instruction ID: b32d93fc701aa1162a174406e7d11ef14f94d69b7075bb962530761d6eacc69a
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d09817a83adc629a21718d624ef61e5b620106610f408d65fcdebf0bc547e7b
                                                                                                                                                                    • Instruction Fuzzy Hash: 5BB012E13D320A26CA0079FE4CC191B00CC46297063405A3A3406E71C3DC3CC8180414
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,?,004996A2,00000000,00499875,?,?,00000005,00000000,004998A9,?,?,00000000), ref: 00407703
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1611563598-0
                                                                                                                                                                    • Opcode ID: f8e5bc84ed77a990345a18ebfce7b3b4d36d471a9523976a67f94f28f3ebd8b5
                                                                                                                                                                    • Instruction ID: c18bf430a4858a09d5fd0626d157798880aaaa8ea81a5298b6cf69089c3012d4
                                                                                                                                                                    • Opcode Fuzzy Hash: f8e5bc84ed77a990345a18ebfce7b3b4d36d471a9523976a67f94f28f3ebd8b5
                                                                                                                                                                    • Instruction Fuzzy Hash: B0B012E03D161B27CA0079FE4CC191A01CC46292163501B3A3006E71C3D83CC8080514
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(?,0042E85D), ref: 0042E850
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                                    • Opcode ID: bbf0f8014a804afebd1604ab393a38912dcaab738292d82ddfa54d7cc6c30dd0
                                                                                                                                                                    • Instruction ID: 289f6c2202f902c5fbbb0b24ee8d848b414576690a26c35d590b8c03c3951524
                                                                                                                                                                    • Opcode Fuzzy Hash: bbf0f8014a804afebd1604ab393a38912dcaab738292d82ddfa54d7cc6c30dd0
                                                                                                                                                                    • Instruction Fuzzy Hash: A7B09B76B0C6005DF705D6D5745152D63D4D7C57203E1457BF454D35C0D93C58004918
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DestroyWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3375834691-0
                                                                                                                                                                    • Opcode ID: 7c218e59c1dd1ff03dc8e849b9cf22d0cf8864dd38f6abff84783c2b34ac62d8
                                                                                                                                                                    • Instruction ID: 951f12253bcdbe2be33f1d7372765b1b3ebb510443260a24e1bbd496af9ec3c9
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c218e59c1dd1ff03dc8e849b9cf22d0cf8864dd38f6abff84783c2b34ac62d8
                                                                                                                                                                    • Instruction Fuzzy Hash: AFA002755015409ADB10E7A5C84DF7A2298BF44204FD905FA714CA7052C53CD9008A55
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047F287,?,?,?,?,00000000,00000000,00000000,00000000), ref: 0047F241
                                                                                                                                                                      • Part of subcall function 0042CE50: GetSystemMetrics.USER32(0000002A), ref: 0042CE62
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMetricsMultiSystemWide
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 224039744-0
                                                                                                                                                                    • Opcode ID: f52afbad91b667b6f6308f5f7be5f2f829de3790a0e249e9b62606124138a6e4
                                                                                                                                                                    • Instruction ID: 496bb1a5f94cf580fd05206e04ab07141ed402b11bdf28edaa456749bafa96dd
                                                                                                                                                                    • Opcode Fuzzy Hash: f52afbad91b667b6f6308f5f7be5f2f829de3790a0e249e9b62606124138a6e4
                                                                                                                                                                    • Instruction Fuzzy Hash: 1D51B670600245FFDB10DFA6D884B9AB7F8EB19308F518077E804A73A2D778AD49CB59
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041F1F4,?,00423CDF,0042405C,0041F1F4), ref: 0041F832
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                    • Opcode ID: 3cd9b2b82d3c03bb1042e3aec431f22b9c9f9b479e5e8d2dc048638413a345c3
                                                                                                                                                                    • Instruction ID: 12b252a98648104a36852bc9e66bdd9c626d3d2234b6f24232172dde86ff5d2a
                                                                                                                                                                    • Opcode Fuzzy Hash: 3cd9b2b82d3c03bb1042e3aec431f22b9c9f9b479e5e8d2dc048638413a345c3
                                                                                                                                                                    • Instruction Fuzzy Hash: FA1148746007059BCB10DF19C880B82FBE4EB98350F10C53AE9588B385D374E849CBA8
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualFree.KERNEL32(?,?,00004000,?,?,?,?,?,00401973), ref: 00401766
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                    • Opcode ID: c75a05877fa6d12c6d50048bf692a8cb9b872a1b30c0c7aeae6369689fd3dcf9
                                                                                                                                                                    • Instruction ID: 191f0f4b7cd680364798b3dc381f6aadc2f07e0dbee61be3c45a65ffd8c3a871
                                                                                                                                                                    • Opcode Fuzzy Hash: c75a05877fa6d12c6d50048bf692a8cb9b872a1b30c0c7aeae6369689fd3dcf9
                                                                                                                                                                    • Instruction Fuzzy Hash: 9E01FC766442148FC3109E29DCC0E2677E8D794378F15453EDA85673A1D37A7C4187D8
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00453771), ref: 00453753
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                    • Opcode ID: 23d18d59897e39bc4499862bac3fc6016057085f4d4fb8d535a9825dcce29caf
                                                                                                                                                                    • Instruction ID: c77a4f58350eb22b54b4dfaca8229fa0e9126d3262ef2898ea61e0989ca8d5dd
                                                                                                                                                                    • Opcode Fuzzy Hash: 23d18d59897e39bc4499862bac3fc6016057085f4d4fb8d535a9825dcce29caf
                                                                                                                                                                    • Instruction Fuzzy Hash: 24014CB5A042046B8701DF69A8114AEFBE8DB4D3617208277FC64D3342D7345E059764
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersion.KERNEL32(?,00419440,00000000,?,?,?,00000001), ref: 0041F576
                                                                                                                                                                    • SetErrorMode.KERNEL32(00008000,?,00419440,00000000,?,?,?,00000001), ref: 0041F592
                                                                                                                                                                    • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00419440,00000000,?,?,?,00000001), ref: 0041F59E
                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00419440,00000000,?,?,?,00000001), ref: 0041F5AC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F5DC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F605
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F61A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F62F
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F644
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F659
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F66E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F683
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F698
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F6AD
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000001,?,00419440,00000000,?,?,?,00000001), ref: 0041F6BF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                                                                                                                    • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                                                                                                                    • API String ID: 2323315520-3614243559
                                                                                                                                                                    • Opcode ID: 295d58f8963aeb50cb7b3eff559f7f46cf17737ed47e60c06b623fc90eccfea6
                                                                                                                                                                    • Instruction ID: 05ddd3b6a7babc3b5f2b58818bfec20f43c940fb7309246182468bed43dc01b1
                                                                                                                                                                    • Opcode Fuzzy Hash: 295d58f8963aeb50cb7b3eff559f7f46cf17737ed47e60c06b623fc90eccfea6
                                                                                                                                                                    • Instruction Fuzzy Hash: C93104B1A00604BBD710EF75BD46A6933A4F728B28B59093BB148D71A2E77C9C468F5C
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00458E2B
                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(021B3858,00000000,004590BE,?,?,021B3858,00000000,?,004597BA,?,021B3858,00000000), ref: 00458E34
                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(021B3858,021B3858), ref: 00458E3E
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,021B3858,00000000,004590BE,?,?,021B3858,00000000,?,004597BA,?,021B3858,00000000), ref: 00458E47
                                                                                                                                                                    • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 00458EBD
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,021B3858,021B3858), ref: 00458ECB
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,0049BB24,00000003,00000000,00000000,00000000,0045907A), ref: 00458F13
                                                                                                                                                                    • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,00459069,?,00000000,C0000000,00000000,0049BB24,00000003,00000000,00000000,00000000,0045907A), ref: 00458F4C
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458FF5
                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045902B
                                                                                                                                                                    • CloseHandle.KERNEL32(000000FF,00459070,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00459063
                                                                                                                                                                      • Part of subcall function 00453C04: GetLastError.KERNEL32(00000000,00454799,00000005,00000000,004547CE,?,?,00000000,0049D62C,00000004,00000000,00000000,00000000,?,00499C8D,00000000), ref: 00453C07
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                                                                                                    • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                                                                                                    • API String ID: 770386003-3271284199
                                                                                                                                                                    • Opcode ID: 00cd0315580555fc15641c75f8b177e93c477e0d48a26e946a3f972788ce9b0f
                                                                                                                                                                    • Instruction ID: c4bf9a6304175502231bb311a6f33329fdfd9ee29416440b986483e0f2b1c780
                                                                                                                                                                    • Opcode Fuzzy Hash: 00cd0315580555fc15641c75f8b177e93c477e0d48a26e946a3f972788ce9b0f
                                                                                                                                                                    • Instruction Fuzzy Hash: 9071F270A00654DADB10DF65CC46B9E7BF8EB05705F1045AAF908FB282DB785D448F69
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004795B8: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,021B79F0,?,?,?,021B79F0,0047977C,00000000,0047989A,?,?,?,?), ref: 004795D1
                                                                                                                                                                      • Part of subcall function 004795B8: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004795D7
                                                                                                                                                                      • Part of subcall function 004795B8: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021B79F0,?,?,?,021B79F0,0047977C,00000000,0047989A,?,?,?,?), ref: 004795EA
                                                                                                                                                                      • Part of subcall function 004795B8: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021B79F0,?,?,?,021B79F0), ref: 00479614
                                                                                                                                                                      • Part of subcall function 004795B8: CloseHandle.KERNEL32(00000000,?,?,?,021B79F0,0047977C,00000000,0047989A,?,?,?,?), ref: 00479632
                                                                                                                                                                      • Part of subcall function 00479690: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00479722,?,?,?,021B79F0,?,00479784,00000000,0047989A,?,?,?,?), ref: 004796C0
                                                                                                                                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 004797D4
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,0047989A,?,?,?,?), ref: 004797DD
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 0047982A
                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 0047984E
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,0047987F,00000000,00000000,000000FF,000000FF,00000000,00479878,?,00000000,0047989A,?,?,?,?), ref: 00479872
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
                                                                                                                                                                    • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                                                                                                    • API String ID: 883996979-221126205
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsIconic.USER32(?), ref: 004187E3
                                                                                                                                                                    • GetWindowPlacement.USER32(?,0000002C), ref: 00418800
                                                                                                                                                                    • GetWindowRect.USER32(?), ref: 0041881C
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 0041882A
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F8), ref: 0041883F
                                                                                                                                                                    • ScreenToClient.USER32(00000000), ref: 00418848
                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00418853
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                                                                                    • String ID: ,
                                                                                                                                                                    • API String ID: 2266315723-3772416878
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsIconic.USER32(?), ref: 0042F744
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 0042F758
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 0042F76F
                                                                                                                                                                    • GetActiveWindow.USER32 ref: 0042F778
                                                                                                                                                                    • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F7A5
                                                                                                                                                                    • SetActiveWindow.USER32(?,0042F8D5,00000000,?), ref: 0042F7C6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$ActiveLong$IconicMessage
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1633107849-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028), ref: 00455D8F
                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00455D95
                                                                                                                                                                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00455DAE
                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455DD5
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455DDA
                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00455DEB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                    • API String ID: 107509674-3733053543
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00499ACA,?,?,00000000,0049D62C,?,00499C54,00000000,00499CA8,?,?,00000000,0049D62C), ref: 004999E3
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 00499A66
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00499AA2,?,00000000,?,00000000,00499ACA,?,?,00000000,0049D62C,?,00499C54,00000000), ref: 00499A7E
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,00499AA9,00499AA2,?,00000000,?,00000000,00499ACA,?,?,00000000,0049D62C,?,00499C54,00000000,00499CA8), ref: 00499A9C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileFind$AttributesCloseFirstNext
                                                                                                                                                                    • String ID: isRS-$isRS-???.tmp
                                                                                                                                                                    • API String ID: 134685335-3422211394
                                                                                                                                                                    APIs
                                                                                                                                                                    • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457E0D
                                                                                                                                                                    • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457E34
                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 00457E45
                                                                                                                                                                    • NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,0045811D,?,00000000,00458159), ref: 00458108
                                                                                                                                                                    Strings
                                                                                                                                                                    • Cannot evaluate variable because [Code] isn't running yet, xrefs: 00457F88
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessagePostWindow$ForegroundNtdllProc_
                                                                                                                                                                    • String ID: Cannot evaluate variable because [Code] isn't running yet
                                                                                                                                                                    • API String ID: 2236967946-3182603685
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsIconic.USER32(?), ref: 0041815F
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 0041817D
                                                                                                                                                                    • GetWindowPlacement.USER32(?,0000002C), ref: 004181B3
                                                                                                                                                                    • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 004181DA
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Placement$Iconic
                                                                                                                                                                    • String ID: ,
                                                                                                                                                                    • API String ID: 568898626-3772416878
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000000,00464A8D), ref: 00464901
                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00464A60,?,00000001,00000000,00464A8D), ref: 00464990
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00464A42,?,00000000,?,00000000,00464A60,?,00000001,00000000,00464A8D), ref: 00464A22
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,00464A49,00464A42,?,00000000,?,00000000,00464A60,?,00000001,00000000,00464A8D), ref: 00464A3C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$File$CloseErrorFirstModeNext
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4011626565-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000000,00464F33), ref: 00464DC1
                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00464EFE,?,00000001,00000000,00464F33), ref: 00464E07
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00464EE0,?,00000000,?,00000000,00464EFE,?,00000001,00000000,00464F33), ref: 00464EBC
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,00464EE7,00464EE0,?,00000000,?,00000000,00464EFE,?,00000001,00000000,00464F33), ref: 00464EDA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$File$CloseErrorFirstModeNext
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4011626565-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00453683,00000000,004536A4), ref: 0042EDA6
                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042EDD1
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00453683,00000000,004536A4), ref: 0042EDDE
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00453683,00000000,004536A4), ref: 0042EDE6
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00453683,00000000,004536A4), ref: 0042EDEC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1177325624-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsIconic.USER32(?), ref: 00484D66
                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 00484D84
                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049E0AC,00484242,00484276,00000000,00484296,?,?,?,0049E0AC), ref: 00484DA6
                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049E0AC,00484242,00484276,00000000,00484296,?,?,?,0049E0AC), ref: 00484DBA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Show$IconicLong
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2754861897-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,00463418), ref: 0046339C
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,004633F8,?,00000000,?,00000000,00463418), ref: 004633D8
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,004633FF,004633F8,?,00000000,?,00000000,00463418), ref: 004633F2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3541575487-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsIconic.USER32(?), ref: 00424634
                                                                                                                                                                    • SetActiveWindow.USER32(?,?,?,?,0046DA13), ref: 00424641
                                                                                                                                                                      • Part of subcall function 00423A9C: ShowWindow.USER32(004108B0,00000009,?,00000000,0041F1F4,00423D8A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,0042405C), ref: 00423AB7
                                                                                                                                                                      • Part of subcall function 00423F64: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021B25AC,0042465A,?,?,?,?,0046DA13), ref: 00423F9F
                                                                                                                                                                    • SetFocus.USER32(00000000,?,?,?,?,0046DA13), ref: 0042466E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$ActiveFocusIconicShow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 649377781-0
                                                                                                                                                                    • Opcode ID: f6b17c850702daf3fe2f22264f5d8e983b40a127641bef431db8629b7e0b9e45
                                                                                                                                                                    • Instruction ID: 5ae1608fbac1b61a262bbd8080f57afdf1b64e8a1d97d82fcb33e84f02d7d1dc
                                                                                                                                                                    • Opcode Fuzzy Hash: f6b17c850702daf3fe2f22264f5d8e983b40a127641bef431db8629b7e0b9e45
                                                                                                                                                                    • Instruction Fuzzy Hash: DBF0D07170122187CB00BFA9D9C5A9633A8AF48714B56407BBD09DF25BC67CDC458768
                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(00000001,00000001), ref: 0042F261
                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,00000001,00000001), ref: 0042F271
                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0042F299
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DescriptorSecurity$CreateDaclInitializeMutex
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3525989157-0
                                                                                                                                                                    • Opcode ID: 296a65e85b4cf530d2912259c248fa0dd98adb1b483a3bccc15e2a953cf47158
                                                                                                                                                                    • Instruction ID: b330794617a7040f76ad0da05c7b1ee5a1856395dd3e8d048ce20caf316d4231
                                                                                                                                                                    • Opcode Fuzzy Hash: 296a65e85b4cf530d2912259c248fa0dd98adb1b483a3bccc15e2a953cf47158
                                                                                                                                                                    • Instruction Fuzzy Hash: 18E0C0B16443007EE200EE758C82F5F76DCDB48714F00483AB654DB1C1E679D9489B96
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsIconic.USER32(?), ref: 0041815F
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 0041817D
                                                                                                                                                                    • GetWindowPlacement.USER32(?,0000002C), ref: 004181B3
                                                                                                                                                                    • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 004181DA
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Placement$Iconic
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 568898626-0
                                                                                                                                                                    • Opcode ID: add44dc6c1a8246b0274be2cc60e43faf0e8d0d1d4c3491e9dc610c53a27efe0
                                                                                                                                                                    • Instruction ID: b17f17ea660f77e7302433a0225cb82371cce2f83056bcd31e3690383aca5fbc
                                                                                                                                                                    • Opcode Fuzzy Hash: add44dc6c1a8246b0274be2cc60e43faf0e8d0d1d4c3491e9dc610c53a27efe0
                                                                                                                                                                    • Instruction Fuzzy Hash: E5012C72300104BBDF10EE69CCC1EEB7798AB55364F55416AFD18DF242DA38ED8287A8
                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CaptureIconic
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2277910766-0
                                                                                                                                                                    • Opcode ID: 373e0a40ab0d4ea76f69d1688ff4f953920e4e837af208d8a25afaf4faa000c4
                                                                                                                                                                    • Instruction ID: c42435c704d87005acf5b6d7044dd68bff31d3bfeee1bac994fdbb5906758c2c
                                                                                                                                                                    • Opcode Fuzzy Hash: 373e0a40ab0d4ea76f69d1688ff4f953920e4e837af208d8a25afaf4faa000c4
                                                                                                                                                                    • Instruction Fuzzy Hash: 79F049313446014BD720A72DC889AAF62F99F84394B1C643BE41AC7756EB7DDDC48758
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsIconic.USER32(?), ref: 004245EB
                                                                                                                                                                      • Part of subcall function 00423ED4: EnumWindows.USER32(00423E6C), ref: 00423EF8
                                                                                                                                                                      • Part of subcall function 00423ED4: GetWindow.USER32(?,00000003), ref: 00423F0D
                                                                                                                                                                      • Part of subcall function 00423ED4: GetWindowLongA.USER32(?,000000EC), ref: 00423F1C
                                                                                                                                                                      • Part of subcall function 00423ED4: SetWindowPos.USER32(00000000,004245AC,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004245FB,?,?,004241C3), ref: 00423F52
                                                                                                                                                                    • SetActiveWindow.USER32(?,?,?,004241C3,00000000,004245AC), ref: 004245FF
                                                                                                                                                                      • Part of subcall function 00423A9C: ShowWindow.USER32(004108B0,00000009,?,00000000,0041F1F4,00423D8A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,0042405C), ref: 00423AB7
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2671590913-0
                                                                                                                                                                    • Opcode ID: 1a354955b864757cfaa5613f9b306845f8d366a619694d2750710a135c8cdae9
                                                                                                                                                                    • Instruction ID: 0eb0e95855424de6865fa4d756a676c77cd5728601e575884a8a50090c80911a
                                                                                                                                                                    • Opcode Fuzzy Hash: 1a354955b864757cfaa5613f9b306845f8d366a619694d2750710a135c8cdae9
                                                                                                                                                                    • Instruction Fuzzy Hash: 3BE01A6070010187DB00EFAAE8C4B8622A8BF88305F55017ABC08CF24BDA3CDC048728
                                                                                                                                                                    APIs
                                                                                                                                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,00412C25), ref: 00412C13
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: NtdllProc_Window
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4255912815-0
                                                                                                                                                                    • Opcode ID: de892e97fbd68e1bb7582f7974717f862a539d23c567f166e41cd9819a8f42aa
                                                                                                                                                                    • Instruction ID: cdfe5c129d614e166dcfab814c58775b37bd24f4e82d9105b90a581207f53ed6
                                                                                                                                                                    • Opcode Fuzzy Hash: de892e97fbd68e1bb7582f7974717f862a539d23c567f166e41cd9819a8f42aa
                                                                                                                                                                    • Instruction Fuzzy Hash: 0451C2316082058FC720DF6AD781A9AF3E5EF98304B2086ABD904C7351EAB9ED91C74D
                                                                                                                                                                    APIs
                                                                                                                                                                    • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 00479E56
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: NtdllProc_Window
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0044BAA4: GetVersionExA.KERNEL32(00000094), ref: 0044BAC1
                                                                                                                                                                      • Part of subcall function 0044BAF8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0044BB10
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000,0044BF0B,?,?,?,?,00000000,00000000,?,0044FD4D,0049A4DA), ref: 0044BB8A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044BBA2
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044BBB4
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044BBC6
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044BBD8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044BBEA
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044BBFC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044BC0E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044BC20
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044BC32
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044BC44
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044BC56
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044BC68
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044BC7A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044BC8C
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044BC9E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044BCB0
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044BCC2
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044BCD4
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044BCE6
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044BCF8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044BD0A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044BD1C
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044BD2E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044BD40
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044BD52
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044BD64
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044BD76
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044BD88
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044BD9A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044BDAC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044BDBE
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044BDD0
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044BDE2
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044BDF4
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044BE06
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044BE18
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044BE2A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044BE3C
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044BE4E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044BE60
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044BE72
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044BE84
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044BE96
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044BEA8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044BEBA
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044BECC
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044BEDE
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystemVersion
                                                                                                                                                                    • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                                                                                                    APIs
                                                                                                                                                                    • Sleep.KERNEL32(00000000,00000000,004944E1,?,?,?,?,00000000,00000000,00000000), ref: 0049402C
                                                                                                                                                                    • FindWindowA.USER32(00000000,00000000), ref: 0049405D
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FindSleepWindow
                                                                                                                                                                    • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0041CE90
                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0041CE9C
                                                                                                                                                                    • CreateBitmap.GDI32(0041AD94,?,00000001,00000001,00000000), ref: 0041CEC0
                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,0041AD94,?), ref: 0041CED0
                                                                                                                                                                    • SelectObject.GDI32(0041D28C,00000000), ref: 0041CEEB
                                                                                                                                                                    • FillRect.USER32(0041D28C,?,?), ref: 0041CF26
                                                                                                                                                                    • SetTextColor.GDI32(0041D28C,00000000), ref: 0041CF3B
                                                                                                                                                                    • SetBkColor.GDI32(0041D28C,00000000), ref: 0041CF52
                                                                                                                                                                    • PatBlt.GDI32(0041D28C,00000000,00000000,0041AD94,?,00FF0062), ref: 0041CF68
                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0041CF7B
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0041CFAC
                                                                                                                                                                    • SelectPalette.GDI32(00000000,00000000,00000001), ref: 0041CFC4
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 0041CFCD
                                                                                                                                                                    • SelectPalette.GDI32(0041D28C,00000000,00000001), ref: 0041CFDC
                                                                                                                                                                    • RealizePalette.GDI32(0041D28C), ref: 0041CFE5
                                                                                                                                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0041CFFE
                                                                                                                                                                    • SetBkColor.GDI32(00000000,00000000), ref: 0041D015
                                                                                                                                                                    • BitBlt.GDI32(0041D28C,00000000,00000000,0041AD94,?,00000000,00000000,00000000,00CC0020), ref: 0041D031
                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 0041D03E
                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 0041D054
                                                                                                                                                                      • Part of subcall function 0041A4A8: GetSysColor.USER32(?), ref: 0041A4B2
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ColorSelect$CreatePalette$CompatibleObject$BitmapRealizeText$DeleteFillRect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 269503290-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ShowWindow.USER32(?,00000005,00000000,0049A050,?,?,00000000,?,00000000,00000000,?,0049A407,00000000,0049A411,?,00000000), ref: 00499D3B
                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,0049A050,?,?,00000000,?,00000000,00000000,?,0049A407,00000000), ref: 00499D4E
                                                                                                                                                                    • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,0049A050,?,?,00000000,?,00000000,00000000), ref: 00499D5E
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00499D7F
                                                                                                                                                                    • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,0049A050,?,?,00000000,?,00000000), ref: 00499D8F
                                                                                                                                                                      • Part of subcall function 0042D89C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D92A,?,?,?,00000001,?,0045681A,00000000,00456882), ref: 0042D8D1
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
                                                                                                                                                                    • String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                                                                                                                                                    • API String ID: 2000705611-3672972446
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,0045B190,?,?,?,?,?,00000006,?,00000000,00499145,?,00000000,004991E8), ref: 0045B042
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                                                                                                                    • API String ID: 1452528299-3112430753
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersion.KERNEL32 ref: 0045D3D6
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045D3F6
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045D403
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045D410
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045D41E
                                                                                                                                                                      • Part of subcall function 0045D2C4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045D363,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045D33D
                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045D611,?,?,00000000), ref: 0045D4D7
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045D611,?,?,00000000), ref: 0045D4E0
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
                                                                                                                                                                    • String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
                                                                                                                                                                    • API String ID: 59345061-4263478283
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 0041B813
                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 0041B81D
                                                                                                                                                                    • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B82F
                                                                                                                                                                    • CreateBitmap.GDI32(0000000B,?,00000001,00000001,00000000), ref: 0041B846
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0041B852
                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,0000000B,?), ref: 0041B87F
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0041B8A5
                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 0041B8C0
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0041B8CF
                                                                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B8FB
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0041B909
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0041B917
                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 0041B920
                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 0041B929
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 644427674-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(0045B366,00000000,00000000,?,00000000,?,00000000,00455275,?,0045B366,00000003,00000000,00000000,004552AC), ref: 004550F5
                                                                                                                                                                      • Part of subcall function 0042ED18: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004539D7,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042ED37
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(0045B366,00000000,00000000,00000000,?,00000004,00000000,004551BF,?,0045B366,00000000,00000000,?,00000000,?,00000000), ref: 00455179
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(0045B366,00000000,00000000,00000000,?,00000004,00000000,004551BF,?,0045B366,00000000,00000000,?,00000000,?,00000000), ref: 004551A8
                                                                                                                                                                    Strings
                                                                                                                                                                    • RegOpenKeyEx, xrefs: 00455078
                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00455013
                                                                                                                                                                    • , xrefs: 00455066
                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0045504C
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: QueryValue$FormatMessageOpen
                                                                                                                                                                    • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                                                                                    • API String ID: 2812809588-1577016196
                                                                                                                                                                    • Opcode ID: 24c7366d0d95d927304ecb9806458665c5c1260ebffc3e1a4b840643974dfc12
                                                                                                                                                                    • Instruction ID: 06452bf81ef06fa34888f2ab1cc7b3841a1100f4c60e90cd60a05f06e497d7d6
                                                                                                                                                                    • Opcode Fuzzy Hash: 24c7366d0d95d927304ecb9806458665c5c1260ebffc3e1a4b840643974dfc12
                                                                                                                                                                    • Instruction Fuzzy Hash: E0913371D04608ABDB10DFA5C952BEEB7F8EB08305F50406BF904F7282D6799E088B69
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00459B60: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,00459C9D,00000000,00459E55,?,00000000,00000000,00000000), ref: 00459BAD
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459E55,?,00000000,00000000,00000000), ref: 00459CFB
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459E55,?,00000000,00000000,00000000), ref: 00459D65
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00459E55,?,00000000,00000000,00000000), ref: 00459DCC
                                                                                                                                                                    Strings
                                                                                                                                                                    • v2.0.50727, xrefs: 00459D57
                                                                                                                                                                    • v4.0.30319, xrefs: 00459CED
                                                                                                                                                                    • .NET Framework not found, xrefs: 00459E19
                                                                                                                                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 00459D18
                                                                                                                                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 00459CAE
                                                                                                                                                                    • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 00459D7F
                                                                                                                                                                    • .NET Framework version %s not found, xrefs: 00459E05
                                                                                                                                                                    • v1.1.4322, xrefs: 00459DBE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$Open
                                                                                                                                                                    • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                                                                                                                    • API String ID: 2976201327-446240816
                                                                                                                                                                    • Opcode ID: 1aa85c752a1d3603d52ccaef4dc6b008277cbbbe6d6d1b8f5b44ec9793cd717f
                                                                                                                                                                    • Instruction ID: 13a12a4b366685baa8d6a2e304724611cbcec49206d2204e0959de5a5d6478e2
                                                                                                                                                                    • Opcode Fuzzy Hash: 1aa85c752a1d3603d52ccaef4dc6b008277cbbbe6d6d1b8f5b44ec9793cd717f
                                                                                                                                                                    • Instruction Fuzzy Hash: 6451B235A04104EFCB04DB66D862BEE77BADB49305F1844BBA941D7382E7799E0D8B18
                                                                                                                                                                    APIs
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00459277
                                                                                                                                                                    • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00459293
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 004592A1
                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?), ref: 004592B2
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 004592F9
                                                                                                                                                                    • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00459315
                                                                                                                                                                    Strings
                                                                                                                                                                    • Stopping 64-bit helper process. (PID: %u), xrefs: 00459269
                                                                                                                                                                    • Helper isn't responding; killing it., xrefs: 00459283
                                                                                                                                                                    • Helper process exited with failure code: 0x%x, xrefs: 004592DF
                                                                                                                                                                    • Helper process exited, but failed to get exit code., xrefs: 004592EB
                                                                                                                                                                    • Helper process exited., xrefs: 004592C1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                                                                                                    • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                                                                                                    • API String ID: 3355656108-1243109208
                                                                                                                                                                    • Opcode ID: 532675b47aea9993cd02b00838fc1a04c28971853a4d2aedcf620574d0bffec7
                                                                                                                                                                    • Instruction ID: 475b633a8f1197f12a32b7740e8dffccf3703e2e74a756bc360da45c31bde27f
                                                                                                                                                                    • Opcode Fuzzy Hash: 532675b47aea9993cd02b00838fc1a04c28971853a4d2aedcf620574d0bffec7
                                                                                                                                                                    • Instruction Fuzzy Hash: 7B215C70604700EAC720EA7DC486B5B77D49F49305F048D2EB899DB693DA7CEC489B2A
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E234: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042E260
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00454E67,?,00000000,00454F2B), ref: 00454DB7
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,00454E67,?,00000000,00454F2B), ref: 00454EF3
                                                                                                                                                                      • Part of subcall function 0042ED18: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004539D7,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042ED37
                                                                                                                                                                    Strings
                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454CCF
                                                                                                                                                                    • RegCreateKeyEx, xrefs: 00454D2B
                                                                                                                                                                    • , xrefs: 00454D19
                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454CFF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateFormatMessageQueryValue
                                                                                                                                                                    • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                                                                                    • API String ID: 2481121983-1280779767
                                                                                                                                                                    • Opcode ID: b6ffbb3ec401a4e54a16accd51bb741a55335ee7b4888f399209f52035b0ecff
                                                                                                                                                                    • Instruction ID: 61cb1c98edcfe528623c145d9993427f2b00fea00e486b8f0244815ce8f04fab
                                                                                                                                                                    • Opcode Fuzzy Hash: b6ffbb3ec401a4e54a16accd51bb741a55335ee7b4888f399209f52035b0ecff
                                                                                                                                                                    • Instruction Fuzzy Hash: 18810175900209ABDB01DFD5C942BDEB7B8FB49709F50442AF900FB282D7789A49CB69
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00454024: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00498709,_iu,?,00000000,0045415E), ref: 00454113
                                                                                                                                                                      • Part of subcall function 00454024: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00498709,_iu,?,00000000,0045415E), ref: 00454123
                                                                                                                                                                    • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 004985B5
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,00498709), ref: 004985D6
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,STATIC,00498718,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 004985FD
                                                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,00497D90), ref: 00498610
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004986DC,?,?,000000FC,00497D90,00000000,STATIC,00498718), ref: 00498640
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 004986B4
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004986DC,?,?,000000FC,00497D90,00000000), ref: 004986C0
                                                                                                                                                                      • Part of subcall function 00454498: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0045457F
                                                                                                                                                                    • DestroyWindow.USER32(?,004986E3,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004986DC,?,?,000000FC,00497D90,00000000,STATIC), ref: 004986D6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$File$CloseCreateHandle$AttributesCopyDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                                                                                    • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                                                                                    • API String ID: 1549857992-2312673372
                                                                                                                                                                    • Opcode ID: 20b62e328631041156595d76ffccff6157c6c0688f7e5e1117bac7cb73931d9d
                                                                                                                                                                    • Instruction ID: 19a9ac76a87cbdbac9fefc72f4bc8d66673aab5a8439699f4ab81f25108c8d39
                                                                                                                                                                    • Opcode Fuzzy Hash: 20b62e328631041156595d76ffccff6157c6c0688f7e5e1117bac7cb73931d9d
                                                                                                                                                                    • Instruction Fuzzy Hash: 78414771A54204AFDF00EBA5CC42F9E7BF8EB09714F51457AF500FB291DA799E048B58
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E96D,?,00000000,0047F9E0,00000000), ref: 0042E891
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E897
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E96D,?,00000000,0047F9E0,00000000), ref: 0042E8E5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                    • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll$hE
                                                                                                                                                                    • API String ID: 4190037839-2100363064
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetActiveWindow.USER32 ref: 004635F0
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll), ref: 00463604
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00463611
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0046361E
                                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 0046366A
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 004636A8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                                                                                                    • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                                                                                                    • API String ID: 2610873146-3407710046
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetActiveWindow.USER32 ref: 0042F620
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F634
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F641
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F64E
                                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 0042F69A
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F6D8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                                                                                                    • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                                                                                                    • API String ID: 2610873146-3407710046
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,004595F7,?,00000000,0045965A,?,?,021B3858,00000000), ref: 00459475
                                                                                                                                                                    • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,021B3858,?,00000000,0045958C,?,00000000,00000001,00000000,00000000,00000000,004595F7), ref: 004594D2
                                                                                                                                                                    • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,021B3858,?,00000000,0045958C,?,00000000,00000001,00000000,00000000,00000000,004595F7), ref: 004594DF
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 0045952B
                                                                                                                                                                    • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00459565,?,-00000020,0000000C,-00004034,00000014,021B3858,?,00000000,0045958C,?,00000000), ref: 00459551
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000001,00459565,?,-00000020,0000000C,-00004034,00000014,021B3858,?,00000000,0045958C,?,00000000), ref: 00459558
                                                                                                                                                                      • Part of subcall function 00453C04: GetLastError.KERNEL32(00000000,00454799,00000005,00000000,004547CE,?,?,00000000,0049D62C,00000004,00000000,00000000,00000000,?,00499C8D,00000000), ref: 00453C07
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                                                                                                                    • String ID: CreateEvent$TransactNamedPipe
                                                                                                                                                                    • API String ID: 2182916169-3012584893
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00457621,?,?,00000031,?), ref: 004574E4
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 004574EA
                                                                                                                                                                    • LoadTypeLib.OLEAUT32(00000000,?), ref: 00457537
                                                                                                                                                                      • Part of subcall function 00453C04: GetLastError.KERNEL32(00000000,00454799,00000005,00000000,004547CE,?,?,00000000,0049D62C,00000004,00000000,00000000,00000000,?,00499C8D,00000000), ref: 00453C07
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                                                                                                                    • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                                                                                                                    • API String ID: 1914119943-2711329623
                                                                                                                                                                    APIs
                                                                                                                                                                    • RectVisible.GDI32(?,?), ref: 00417263
                                                                                                                                                                    • SaveDC.GDI32(?), ref: 00417277
                                                                                                                                                                    • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 0041729A
                                                                                                                                                                    • RestoreDC.GDI32(?,?), ref: 004172B5
                                                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 00417335
                                                                                                                                                                    • FrameRect.USER32(?,?,?), ref: 00417368
                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00417372
                                                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 00417382
                                                                                                                                                                    • FrameRect.USER32(?,?,?), ref: 004173B5
                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004173BF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 375863564-0
                                                                                                                                                                    • Opcode ID: 53338b723e60019b0e5d7787f83bb0eaf38aae583f1cfacba6e60a06ab1a3e99
                                                                                                                                                                    • Instruction ID: 6654575de22a121332528345891e4d9aada139d791074539051cb87a9fd886f5
                                                                                                                                                                    • Opcode Fuzzy Hash: 53338b723e60019b0e5d7787f83bb0eaf38aae583f1cfacba6e60a06ab1a3e99
                                                                                                                                                                    • Instruction Fuzzy Hash: 30515D712086455FDB50EF69C8C0B9B7BE8AF48314F1455AAFD588B286C738EC81CB99
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
                                                                                                                                                                    • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
                                                                                                                                                                    • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
                                                                                                                                                                    • GetFileType.KERNEL32(?,000000F5), ref: 00404C11
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
                                                                                                                                                                    • GetLastError.KERNEL32(000000F5), ref: 00404C46
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1694776339-0
                                                                                                                                                                    • Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                                                                                                    • Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                                                                                                    • Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemMenu.USER32(00000000,00000000), ref: 00422683
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 004226A1
                                                                                                                                                                    • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 004226AE
                                                                                                                                                                    • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 004226BB
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 004226C8
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 004226D5
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 004226E2
                                                                                                                                                                    • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 004226EF
                                                                                                                                                                    • EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 0042270D
                                                                                                                                                                    • EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 00422729
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Menu$Delete$EnableItem$System
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3985193851-0
                                                                                                                                                                    • Opcode ID: 28c3c26aa58a7b1d0b737a17757400c93c751d32761aa9437bbdc0a385d65993
                                                                                                                                                                    • Instruction ID: df9c0873c136ddd24b8aa988775969986c1613bec62327c4069b14a2c43cb384
                                                                                                                                                                    • Opcode Fuzzy Hash: 28c3c26aa58a7b1d0b737a17757400c93c751d32761aa9437bbdc0a385d65993
                                                                                                                                                                    • Instruction Fuzzy Hash: 5F2156743847047AE721E724CD8BF9B7BD89B54748F144069B6487F2D3C6FCAA40869C
                                                                                                                                                                    APIs
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00482DFD
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00482E11
                                                                                                                                                                    • SendNotifyMessageA.USER32(00010432,00000496,00002710,00000000), ref: 00482E83
                                                                                                                                                                    Strings
                                                                                                                                                                    • Deinitializing Setup., xrefs: 00482C5E
                                                                                                                                                                    • Not restarting Windows because Setup is being run from the debugger., xrefs: 00482E32
                                                                                                                                                                    • GetCustomSetupExitCode, xrefs: 00482C9D
                                                                                                                                                                    • DeinitializeSetup, xrefs: 00482CF9
                                                                                                                                                                    • Restarting Windows., xrefs: 00482E5E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeLibrary$MessageNotifySend
                                                                                                                                                                    • String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
                                                                                                                                                                    • API String ID: 3817813901-1884538726
                                                                                                                                                                    • Opcode ID: d605c15fedec7bf27de2a7d8f66a4bfcd4949817553b1f0f4713fdc53db01ef0
                                                                                                                                                                    • Instruction ID: 87ca8a1097935e6c4637b022688acffdd958b69fb8a4991d3dc3ea9519d40e2c
                                                                                                                                                                    • Opcode Fuzzy Hash: d605c15fedec7bf27de2a7d8f66a4bfcd4949817553b1f0f4713fdc53db01ef0
                                                                                                                                                                    • Instruction Fuzzy Hash: F851AA30600200EFD711EF6AD949B6E7BE4EB19718F51897BE800D72A1DBB89C45CB5D
                                                                                                                                                                    APIs
                                                                                                                                                                    • SHGetMalloc.SHELL32(?), ref: 004621AF
                                                                                                                                                                    • GetActiveWindow.USER32 ref: 00462213
                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00462227
                                                                                                                                                                    • SHBrowseForFolder.SHELL32(?), ref: 0046223E
                                                                                                                                                                    • CoUninitialize.OLE32(0046227F,00000000,?,?,?,?,?,00000000,00462303), ref: 00462253
                                                                                                                                                                    • SetActiveWindow.USER32(?,0046227F,00000000,?,?,?,?,?,00000000,00462303), ref: 00462269
                                                                                                                                                                    • SetActiveWindow.USER32(?,?,0046227F,00000000,?,?,?,?,?,00000000,00462303), ref: 00462272
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ActiveWindow$BrowseFolderInitializeMallocUninitialize
                                                                                                                                                                    • String ID: A
                                                                                                                                                                    • API String ID: 2684663990-3554254475
                                                                                                                                                                    • Opcode ID: caefdfe045defb9a034f2c4a917009fdef53ece79d7542ea0497d69e424cd409
                                                                                                                                                                    • Instruction ID: 1e82777cc352b96db12449cf8796706bfa71e84f11e11660080683620fe74db3
                                                                                                                                                                    • Opcode Fuzzy Hash: caefdfe045defb9a034f2c4a917009fdef53ece79d7542ea0497d69e424cd409
                                                                                                                                                                    • Instruction Fuzzy Hash: E23130B0E04208AFDB00EFB5D945ADEBBF8EB09304F51447AF914E7251E7789A04CB59
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045DAB9
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045DAC9
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045DAD9
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045DAE9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                     • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                    • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 0041AE09
                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041AE43
                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 0041AE58
                                                                                                                                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AEA2
                                                                                                                                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0041AEAD
                                                                                                                                                                    • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AEBD
                                                                                                                                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AEFC
                                                                                                                                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0041AF06
                                                                                                                                                                    • SetBkColor.GDI32(00000000,?), ref: 0041AF13
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Color$StretchText
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • OffsetRect.USER32(?,00000001,00000001), ref: 0044D781
                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 0044D788
                                                                                                                                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0044D7A0
                                                                                                                                                                    • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D7C9
                                                                                                                                                                    • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D7D3
                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 0044D7DA
                                                                                                                                                                    • SetTextColor.GDI32(00000000,00000000), ref: 0044D7F2
                                                                                                                                                                    • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D81B
                                                                                                                                                                    • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D846
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Text$Color$Draw$OffsetRect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00451070: SetEndOfFile.KERNEL32(?,?,0045CB3E,00000000,0045CCC9,?,00000000,00000002,00000002), ref: 00451077
                                                                                                                                                                      • Part of subcall function 004073A0: DeleteFileA.KERNEL32(00000000,0049D62C,00499FD9,00000000,0049A02E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 004073AB
                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 00497E6D
                                                                                                                                                                    • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00497E81
                                                                                                                                                                    • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00497E9B
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00497EA7
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00497EAD
                                                                                                                                                                    • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 00497EC0
                                                                                                                                                                    Strings
                                                                                                                                                                    • Deleting Uninstall data files., xrefs: 00497DE3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                                                                                                                                    • String ID: Deleting Uninstall data files.
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,00471155,?,?,?,?,00000000), ref: 004710BF
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,00471155), ref: 004710D6
                                                                                                                                                                    • AddFontResourceA.GDI32(00000000), ref: 004710F3
                                                                                                                                                                    • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00471107
                                                                                                                                                                    Strings
                                                                                                                                                                    • AddFontResource, xrefs: 00471111
                                                                                                                                                                    • Failed to set value in Fonts registry key., xrefs: 004710C8
                                                                                                                                                                    • Failed to open Fonts registry key., xrefs: 004710DD
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                                                                                                                                                    • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00416860: GetClassInfoA.USER32(00400000,?,?), ref: 004168CF
                                                                                                                                                                      • Part of subcall function 00416860: UnregisterClassA.USER32(?,00400000), ref: 004168FB
                                                                                                                                                                      • Part of subcall function 00416860: RegisterClassA.USER32(?), ref: 0041691E
                                                                                                                                                                    • GetVersion.KERNEL32 ref: 00463A54
                                                                                                                                                                    • SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 00463A92
                                                                                                                                                                    • SHGetFileInfo.SHELL32(00463B30,00000000,?,00000160,00004011), ref: 00463AAF
                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 00463ACD
                                                                                                                                                                    • SetCursor.USER32(00000000,00000000,00007F02,00463B30,00000000,?,00000160,00004011), ref: 00463AD3
                                                                                                                                                                    • SetCursor.USER32(?,00463B13,00007F02,00463B30,00000000,?,00000160,00004011), ref: 00463B06
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                                                                                                                                                    • String ID: Explorer
                                                                                                                                                                    • API String ID: 2594429197-512347832
                                                                                                                                                                    • Opcode ID: 08ef91ce8ca4084e417ba220884df78b79a66e01962786801913a20119982a52
                                                                                                                                                                    • Instruction ID: 0956d246c88e4b13c617490cc10e92cdb10fa67267cb1644ec11604dcab5a564
                                                                                                                                                                    • Opcode Fuzzy Hash: 08ef91ce8ca4084e417ba220884df78b79a66e01962786801913a20119982a52
                                                                                                                                                                    • Instruction Fuzzy Hash: 6A212C307403446AE710BFB58C47F9A76989B08708F5000BFBA09EE1C3EABD9D4586AD
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,021B79F0,?,?,?,021B79F0,0047977C,00000000,0047989A,?,?,?,?), ref: 004795D1
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004795D7
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021B79F0,?,?,?,021B79F0,0047977C,00000000,0047989A,?,?,?,?), ref: 004795EA
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021B79F0,?,?,?,021B79F0), ref: 00479614
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,021B79F0,0047977C,00000000,0047989A,?,?,?,?), ref: 00479632
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileHandle$AddressAttributesCloseCreateModuleProc
                                                                                                                                                                    • String ID: GetFinalPathNameByHandleA$kernel32.dll
                                                                                                                                                                    • API String ID: 2704155762-2318956294
                                                                                                                                                                    • Opcode ID: 0caf08f703f3753db6ef1286dee5357dec174cc4a33c6c56db1bec7d407b2b21
                                                                                                                                                                    • Instruction ID: 19ddb68189d16dccfde8b10573e35333770f7cebea86a77b7f1be6907437da3a
                                                                                                                                                                    • Opcode Fuzzy Hash: 0caf08f703f3753db6ef1286dee5357dec174cc4a33c6c56db1bec7d407b2b21
                                                                                                                                                                    • Instruction Fuzzy Hash: CC01D26034470436E52131BA4C86FBB248C8B50768F148237BA1CEA2E2EDAD9E0601AE
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,0045A78A,?,00000000,00000000,00000000,?,00000006,?,00000000,00499145,?,00000000,004991E8), ref: 0045A6CE
                                                                                                                                                                      • Part of subcall function 00454B5C: FindClose.KERNEL32(000000FF,00454C52), ref: 00454C41
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to delete directory (%d)., xrefs: 0045A764
                                                                                                                                                                    • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 0045A743
                                                                                                                                                                    • Failed to strip read-only attribute., xrefs: 0045A69C
                                                                                                                                                                    • Stripped read-only attribute., xrefs: 0045A690
                                                                                                                                                                    • Failed to delete directory (%d). Will retry later., xrefs: 0045A6E7
                                                                                                                                                                    • Deleting directory: %s, xrefs: 0045A657
                                                                                                                                                                    • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 0045A6A8
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseErrorFindLast
                                                                                                                                                                    • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                                                                                                                    • API String ID: 754982922-1448842058
                                                                                                                                                                    • Opcode ID: 85732bd228a2a83cae158566f07fa3d639507cacb6524005fd82c17153421e64
                                                                                                                                                                    • Instruction ID: 6800a92dfaec35f14ad088af188abd42280c19cea7490fe80134e7d3278dcbe3
                                                                                                                                                                    • Opcode Fuzzy Hash: 85732bd228a2a83cae158566f07fa3d639507cacb6524005fd82c17153421e64
                                                                                                                                                                    • Instruction Fuzzy Hash: 62418630A002485ACB10EB6988017AE7AF59B4D306F55867FAC11A7393DB7CCE1D875B
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCapture.USER32 ref: 004232F4
                                                                                                                                                                    • GetCapture.USER32 ref: 00423303
                                                                                                                                                                    • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00423309
                                                                                                                                                                    • ReleaseCapture.USER32 ref: 0042330E
                                                                                                                                                                    • GetActiveWindow.USER32 ref: 0042331D
                                                                                                                                                                    • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 0042339C
                                                                                                                                                                    • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00423400
                                                                                                                                                                    • GetActiveWindow.USER32 ref: 0042340F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 862346643-0
                                                                                                                                                                    • Opcode ID: d9380d40216893d5da3b7cdbd77200013d3eec6b18e09e7dbb0ac75e23fe843e
                                                                                                                                                                    • Instruction ID: 3a9af59dda1f98e95100fec3f153a7acb7f05633bd4cd2eb2e4992da2b7770c9
                                                                                                                                                                    • Opcode Fuzzy Hash: d9380d40216893d5da3b7cdbd77200013d3eec6b18e09e7dbb0ac75e23fe843e
                                                                                                                                                                    • Instruction Fuzzy Hash: 68414170B10258AFDB10EFAAD942B9DB7F1AF44704F5140BAE404AB292DB7C9F41CB18
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 004298DA
                                                                                                                                                                    • GetTextMetricsA.GDI32(00000000), ref: 004298E3
                                                                                                                                                                      • Part of subcall function 0041A638: CreateFontIndirectA.GDI32(?), ref: 0041A6F7
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004298F2
                                                                                                                                                                    • GetTextMetricsA.GDI32(00000000,?), ref: 004298FF
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00429906
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0042990E
                                                                                                                                                                    • GetSystemMetrics.USER32(00000006), ref: 00429933
                                                                                                                                                                    • GetSystemMetrics.USER32(00000006), ref: 0042994D
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Metrics$ObjectSelectSystemText$CreateFontIndirectRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1583807278-0
                                                                                                                                                                    • Opcode ID: 493c3e02d1035430593376a4cfe0bac28c29019347665ee68c3eba71a2dbb902
                                                                                                                                                                    • Instruction ID: 0ef879b540a67ceb128a5e1141d84f2d1524799c58b88ee5a2ee57f477153a9f
                                                                                                                                                                    • Opcode Fuzzy Hash: 493c3e02d1035430593376a4cfe0bac28c29019347665ee68c3eba71a2dbb902
                                                                                                                                                                    • Instruction Fuzzy Hash: 8401A19170971127F310667A9CC2B6F6688DB54368F44053EFA86963E3D96C8C81876E
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0041E277
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041E281
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0041E28E
                                                                                                                                                                    • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041E29D
                                                                                                                                                                    • GetStockObject.GDI32(00000007), ref: 0041E2AB
                                                                                                                                                                    • GetStockObject.GDI32(00000005), ref: 0041E2B7
                                                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 0041E2C3
                                                                                                                                                                    • LoadIconA.USER32(00000000,00007F00), ref: 0041E2D4
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ObjectStock$CapsDeviceIconLoadRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 225703358-0
                                                                                                                                                                    • Opcode ID: db53187b583683c3da25eb47fc51b38c63e1255722fbf2352793706f85574c6b
                                                                                                                                                                    • Instruction ID: 718266ba1944efb5b46721f14e799226cd24d8dfc19287898d5783b558d94fa9
                                                                                                                                                                    • Opcode Fuzzy Hash: db53187b583683c3da25eb47fc51b38c63e1255722fbf2352793706f85574c6b
                                                                                                                                                                    • Instruction Fuzzy Hash: 1111FB70A453015AE340BFA69D52BAA3691D724709F00813BF608EF3D2DB7D5C809BAD
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 00463F38
                                                                                                                                                                    • SetCursor.USER32(00000000,00000000,00007F02,00000000,00463FCD), ref: 00463F3E
                                                                                                                                                                    • SetCursor.USER32(?,00463FB5,00007F02,00000000,00463FCD), ref: 00463FA8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Cursor$Load
                                                                                                                                                                    • String ID: $ $Internal error: Item already expanding
                                                                                                                                                                    • API String ID: 1675784387-1948079669
                                                                                                                                                                    • Opcode ID: 1a549665fc0cf087d2098154fa2b3ef2d2c9fb16f1337353c5ab2cea0e9002d2
                                                                                                                                                                    • Instruction ID: aa82ab3995de3935e6727d947cb2bd0e3876d59c6d9623ce98a17a39b04bf081
                                                                                                                                                                    • Opcode Fuzzy Hash: 1a549665fc0cf087d2098154fa2b3ef2d2c9fb16f1337353c5ab2cea0e9002d2
                                                                                                                                                                    • Instruction Fuzzy Hash: 67B1E230A00244DFDB14DF65C549B9EBBF1AF45304F1584AAE8459B392E778EE84CB0A
                                                                                                                                                                    APIs
                                                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0045457F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: PrivateProfileStringWrite
                                                                                                                                                                    • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                                                                                    • API String ID: 390214022-3304407042
                                                                                                                                                                    • Opcode ID: 7fc08df52904c59b3176bd425c815c443ddc94d3e7b0bfcf8c3a045116732771
                                                                                                                                                                    • Instruction ID: e87d0749b1697b84d3b9cc82c23e20e51564d8fa8ce324392089b518a873d649
                                                                                                                                                                    • Opcode Fuzzy Hash: 7fc08df52904c59b3176bd425c815c443ddc94d3e7b0bfcf8c3a045116732771
                                                                                                                                                                    • Instruction Fuzzy Hash: B8913334E001499BDB01EFA5D882BDEB7B5EF49309F508467E900BB292D77C9E49CB58
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 00477EF1
                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000FC,Function_00077E4C), ref: 00477F18
                                                                                                                                                                    • GetACP.KERNEL32(00000000,00478130,?,00000000,0047815A), ref: 00477F55
                                                                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00477F9B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClassInfoLongMessageSendWindow
                                                                                                                                                                    • String ID: COMBOBOX$Inno Setup: Language
                                                                                                                                                                    • API String ID: 3391662889-4234151509
                                                                                                                                                                    • Opcode ID: deb51ddf8cca9870b91e1d9d0dcad9b4f5c78b57c6cc0b96f0beb683c572e979
                                                                                                                                                                    • Instruction ID: 81c94a85f2d0ae2d33cbd4ee74d6221623364a49e9b2571c8ba4411711431487
                                                                                                                                                                    • Opcode Fuzzy Hash: deb51ddf8cca9870b91e1d9d0dcad9b4f5c78b57c6cc0b96f0beb683c572e979
                                                                                                                                                                    • Instruction Fuzzy Hash: 65813C34A00205DFD710EF69C989AAAB7F0FB49304F55C1BAE848D7362DB38AD45CB59
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,0047EAF4,?,?,?,?,00000000,0047EC49,?,?,?,00000000,?,0047ED58), ref: 0047EAD0
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,0047EAFB,0047EAF4,?,?,?,?,00000000,0047EC49,?,?,?,00000000,?,0047ED58,00000000), ref: 0047EAEE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseFileNext
                                                                                                                                                                    • String ID: TG$TG
                                                                                                                                                                    • API String ID: 2066263336-2531790037
                                                                                                                                                                    • Opcode ID: 4f19509eb949b5f888259d0a0f13ffe1620e7278b42587404a1e94d273e38392
                                                                                                                                                                    • Instruction ID: 49c023a3d40347f396a503d53546bb693b8cfca30f5629bd36de7deb8458e88f
                                                                                                                                                                    • Opcode Fuzzy Hash: 4f19509eb949b5f888259d0a0f13ffe1620e7278b42587404a1e94d273e38392
                                                                                                                                                                    • Instruction Fuzzy Hash: F5812C7490024D9FDF11DF96C841ADFBBB9EF4D304F1081EAE508A7291D6399A46CF54
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemDefaultLCID.KERNEL32(00000000,00408DB8,?,?,?,?,00000000,00000000,00000000,?,00409DBF,00000000,00409DD2), ref: 00408B8A
                                                                                                                                                                      • Part of subcall function 004089B8: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049D4C4,00000001,?,00408A83,?,00000000,00408B62), ref: 004089D6
                                                                                                                                                                      • Part of subcall function 00408A04: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,00408C06,?,?,?,00000000,00408DB8), ref: 00408A17
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoLocale$DefaultSystem
                                                                                                                                                                    • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                                                                                    • API String ID: 1044490935-665933166
                                                                                                                                                                    • Opcode ID: c69c3147cd56940e9f4fd8337a0fbc887525be67d32930313bc35b703755f031
                                                                                                                                                                    • Instruction ID: a8d7ab9d838d1b353a0e5ff474912d8a0235132b07344be0acb9e4c83fee81e1
                                                                                                                                                                    • Opcode Fuzzy Hash: c69c3147cd56940e9f4fd8337a0fbc887525be67d32930313bc35b703755f031
                                                                                                                                                                    • Instruction Fuzzy Hash: D8513D34B001486BDB01FBA5DA41A9F77A9DB98308F50947FB181BB7C6CE3CDA068759
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersion.KERNEL32(00000000,00411D49), ref: 00411BDC
                                                                                                                                                                    • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 00411C9A
                                                                                                                                                                      • Part of subcall function 00411EFC: CreatePopupMenu.USER32 ref: 00411F16
                                                                                                                                                                    • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 00411D26
                                                                                                                                                                      • Part of subcall function 00411EFC: CreateMenu.USER32 ref: 00411F20
                                                                                                                                                                    • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 00411D0D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Menu$Insert$Create$ItemPopupVersion
                                                                                                                                                                    • String ID: ,$?
                                                                                                                                                                    • API String ID: 2359071979-2308483597
                                                                                                                                                                    • Opcode ID: c987c748b65508a950cf3f2169e5bd87e5634fb74b346734da7ef3b4f05fb7f7
                                                                                                                                                                    • Instruction ID: 125356fab78159fbe3d4b3b77ff780d7a0eb3536e5c02055c9c5492709250fea
                                                                                                                                                                    • Opcode Fuzzy Hash: c987c748b65508a950cf3f2169e5bd87e5634fb74b346734da7ef3b4f05fb7f7
                                                                                                                                                                    • Instruction Fuzzy Hash: 7D512674A001049BDB10EF6AED815EE7BF9EF08304B1141BAFA04E73A2E738D941CB58
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetObjectA.GDI32(?,00000018,?), ref: 0041C378
                                                                                                                                                                    • GetObjectA.GDI32(?,00000018,?), ref: 0041C387
                                                                                                                                                                    • GetBitmapBits.GDI32(?,?,?), ref: 0041C3D8
                                                                                                                                                                    • GetBitmapBits.GDI32(?,?,?), ref: 0041C3E6
                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0041C3EF
                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0041C3F8
                                                                                                                                                                    • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041C415
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Object$BitmapBitsDelete$CreateIcon
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1030595962-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041D34E
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000026), ref: 0041D36D
                                                                                                                                                                    • SelectPalette.GDI32(?,?,00000001), ref: 0041D3D3
                                                                                                                                                                    • RealizePalette.GDI32(?), ref: 0041D3E2
                                                                                                                                                                    • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041D44C
                                                                                                                                                                    • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D48A
                                                                                                                                                                    • SelectPalette.GDI32(?,?,00000001), ref: 0041D4AF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: PaletteStretch$Select$BitsCapsDeviceModeRealize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2222416421-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(00000000,?,?), ref: 00457B2A
                                                                                                                                                                      • Part of subcall function 004246CC: GetWindowTextA.USER32(?,?,00000100), ref: 004246EC
                                                                                                                                                                      • Part of subcall function 0041F2F4: GetCurrentThreadId.KERNEL32 ref: 0041F343
                                                                                                                                                                      • Part of subcall function 0041F2F4: EnumThreadWindows.USER32(00000000,0041F2A4,00000000), ref: 0041F349
                                                                                                                                                                      • Part of subcall function 00424714: SetWindowTextA.USER32(?,00000000), ref: 0042472C
                                                                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00457B91
                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 00457BAF
                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 00457BB8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message$TextThreadWindow$CurrentDispatchEnumSendTranslateWindows
                                                                                                                                                                    • String ID: [Paused]
                                                                                                                                                                    • API String ID: 1007367021-4230553315
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCursor.USER32(00000000,0046C21F), ref: 0046C19C
                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 0046C1AA
                                                                                                                                                                    • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046C21F), ref: 0046C1B0
                                                                                                                                                                    • Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046C21F), ref: 0046C1BA
                                                                                                                                                                    • SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046C21F), ref: 0046C1C0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Cursor$LoadSleep
                                                                                                                                                                    • String ID: CheckPassword
                                                                                                                                                                    • API String ID: 4023313301-1302249611
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00478DDC: GetWindowThreadProcessId.USER32(00000000), ref: 00478DE4
                                                                                                                                                                      • Part of subcall function 00478DDC: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00478EDB,0049E0AC,00000000), ref: 00478DF7
                                                                                                                                                                      • Part of subcall function 00478DDC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00478DFD
                                                                                                                                                                    • SendMessageA.USER32(00000000,0000004A,00000000,0047926E), ref: 00478EE9
                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00478F2E
                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00478F38
                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00478F8D
                                                                                                                                                                    Strings
                                                                                                                                                                    • CallSpawnServer: Unexpected status: %d, xrefs: 00478F76
                                                                                                                                                                    • CallSpawnServer: Unexpected response: $%x, xrefs: 00478F1E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                                                                                                                                                    • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d
                                                                                                                                                                    • API String ID: 613034392-3771334282
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045A03B
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045A046
                                                                                                                                                                    • .NET Framework CreateAssemblyCache function failed, xrefs: 0045A05E
                                                                                                                                                                    • CreateAssemblyCache, xrefs: 0045A032
                                                                                                                                                                    • Fusion.dll, xrefs: 00459FDB
                                                                                                                                                                    • Failed to load .NET Framework DLL "%s", xrefs: 0045A020
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                    • String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
                                                                                                                                                                    • API String ID: 190572456-3990135632
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0041C498: GetObjectA.GDI32(?,00000018), ref: 0041C4A5
                                                                                                                                                                    • GetFocus.USER32 ref: 0041C5B8
                                                                                                                                                                    • GetDC.USER32(?), ref: 0041C5C4
                                                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 0041C5E5
                                                                                                                                                                    • RealizePalette.GDI32(?), ref: 0041C5F1
                                                                                                                                                                    • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C608
                                                                                                                                                                    • SelectPalette.GDI32(?,00000000,00000000), ref: 0041C630
                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 0041C63D
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Palette$Select$BitsFocusObjectRealizeRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3303097818-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemMetrics.USER32(0000000E), ref: 004190C0
                                                                                                                                                                    • GetSystemMetrics.USER32(0000000D), ref: 004190C8
                                                                                                                                                                    • 6F532980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,?), ref: 004190CE
                                                                                                                                                                      • Part of subcall function 00410C48: 6F52C400.COMCTL32(?,000000FF,00000000,004190FC,00000000,00419158,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,?), ref: 00410C4C
                                                                                                                                                                    • 6F59CB00.COMCTL32(?,00000000,00000000,00000000,00000000,00419158,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,?), ref: 0041911E
                                                                                                                                                                    • 6F59C740.COMCTL32(00000000,?,?,00000000,00000000,00000000,00000000,00419158,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00419129
                                                                                                                                                                    • 6F59CB00.COMCTL32(?,00000001,?,?,00000000,?,?,00000000,00000000,00000000,00000000,00419158,?,00000000,0000000D,00000000), ref: 0041913C
                                                                                                                                                                    • 6F530860.COMCTL32(?,0041915F,?,00000000,?,?,00000000,00000000,00000000,00000000,00419158,?,00000000,0000000D,00000000,0000000E), ref: 00419152
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MetricsSystem$C400C740F530860F532980
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 209721339-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00485110), ref: 004850F5
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
                                                                                                                                                                    • API String ID: 47109696-2530820420
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0044CD18: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0044CD30
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000,0044CE0A,?,?,?,?,00000000,00000000), ref: 0044CD92
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044CDA3
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044CDB3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                                                    • String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
                                                                                                                                                                    • API String ID: 2141747552-1050967733
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00496E01
                                                                                                                                                                      • Part of subcall function 0041A638: CreateFontIndirectA.GDI32(?), ref: 0041A6F7
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00496E23
                                                                                                                                                                    • GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,004973A1), ref: 00496E37
                                                                                                                                                                    • GetTextMetricsA.GDI32(00000000,?), ref: 00496E59
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00496E76
                                                                                                                                                                    Strings
                                                                                                                                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00496E2E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Text$CreateExtentFontIndirectMetricsObjectPointReleaseSelect
                                                                                                                                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                                                                                                                    • API String ID: 2948443157-222967699
                                                                                                                                                                    APIs
                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 0041B8C0
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0041B8CF
                                                                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B8FB
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0041B909
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0041B917
                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 0041B920
                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 0041B929
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ObjectSelect$Delete$Stretch
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1458357782-0
                                                                                                                                                                    • Opcode ID: c5d1e2e3ff328356a4e4238c7f450765dbf7839f38aeea7c0d55facf19ccd353
                                                                                                                                                                    • Instruction ID: b8528283d587f8f5f7158778d976388ea9280e6d202ec49eeb693ac58173ed71
                                                                                                                                                                    • Opcode Fuzzy Hash: c5d1e2e3ff328356a4e4238c7f450765dbf7839f38aeea7c0d55facf19ccd353
                                                                                                                                                                    • Instruction Fuzzy Hash: 5A118EB2F04619ABDB10D6DDC885FEFB7BCEB08314F044415B614FB241C678AD418B54
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCursorPos.USER32 ref: 004237FF
                                                                                                                                                                    • WindowFromPoint.USER32(?,?), ref: 0042380C
                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0042381A
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00423821
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000084,?,?), ref: 0042383A
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00423851
                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00423863
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1770779139-0
                                                                                                                                                                    • Opcode ID: bca67253d695687129505d4dd6b4be75de0481567bd8dbfc76009214d22bf118
                                                                                                                                                                    • Instruction ID: d55a13ab3e3fc67d9c1f0c697d1027359b93869cc9afd0973a071b09e334c979
                                                                                                                                                                    • Opcode Fuzzy Hash: bca67253d695687129505d4dd6b4be75de0481567bd8dbfc76009214d22bf118
                                                                                                                                                                    • Instruction Fuzzy Hash: 9901D42230521036D6207B7A5C86E2F22E8CBC5B65F51443FB609BF282D93D8C01976D
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll), ref: 00496C24
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00496C31
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00496C3E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                    • String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
                                                                                                                                                                    • API String ID: 667068680-2254406584
                                                                                                                                                                    • Opcode ID: 1a62ebb246959f38fae6f97a16ae9b6e3f147e8fdc483f677f644595477796c0
                                                                                                                                                                    • Instruction ID: 0100053a3692f287516410ec157e21cb1b88c24c6f2ed11ec452f60a58bd69cd
                                                                                                                                                                    • Opcode Fuzzy Hash: 1a62ebb246959f38fae6f97a16ae9b6e3f147e8fdc483f677f644595477796c0
                                                                                                                                                                    • Instruction Fuzzy Hash: 5AF0F692701B1526DA1025764C81B7B698CCBC27A0F060037BD85A7382E9AD9C0552AD
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ISCryptGetVersion), ref: 0045D98D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ArcFourInit), ref: 0045D99D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ArcFourCrypt), ref: 0045D9AD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                    • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                                                                                                                                    • API String ID: 190572456-508647305
                                                                                                                                                                    • Opcode ID: a120c3d2ef62b36cbcf1f94c94fb794ce275c00622819f97a022044a312cbe17
                                                                                                                                                                    • Instruction ID: 0705cba7109997b41c54f5ec5154c4026f190107a5f336fc7dc4235633f43cad
                                                                                                                                                                    • Opcode Fuzzy Hash: a120c3d2ef62b36cbcf1f94c94fb794ce275c00622819f97a022044a312cbe17
                                                                                                                                                                    • Instruction Fuzzy Hash: E9F030F1901620EBF314EF77AC457273695EBA4302F14843BA445E11B2D7BA085AEA2C
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045DE8D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045DE9D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045DEAD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                    • String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
                                                                                                                                                                    • API String ID: 190572456-212574377
                                                                                                                                                                    • Opcode ID: 69782b4271ac4a522c1cbf050024bd159fbeab52ed8ba1f2270972ee26ec74bc
                                                                                                                                                                    • Instruction ID: ffc1661d06bbefe96a91e36acebf6432405697aaa326f86a6f465272ccde7cfc
                                                                                                                                                                    • Opcode Fuzzy Hash: 69782b4271ac4a522c1cbf050024bd159fbeab52ed8ba1f2270972ee26ec74bc
                                                                                                                                                                    • Instruction Fuzzy Hash: 84F01DB1D00A18DED724DF37AC4A72736D5EF74316F08843BA9465A2A2D7B80858DF1D
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,0049B934,004579ED,00457D90,00457944,00000000,00000B06,00000000,00000000,00000000,00000002,00000000,00482671), ref: 0042EE85
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EE8B
                                                                                                                                                                    • InterlockedExchange.KERNEL32(0049D66C,00000001), ref: 0042EE9C
                                                                                                                                                                      • Part of subcall function 0042EDFC: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EEC0,00000004,0049B934,004579ED,00457D90,00457944,00000000,00000B06,00000000,00000000,00000000,00000002,00000000), ref: 0042EE12
                                                                                                                                                                      • Part of subcall function 0042EDFC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EE18
                                                                                                                                                                      • Part of subcall function 0042EDFC: InterlockedExchange.KERNEL32(0049D664,00000001), ref: 0042EE29
                                                                                                                                                                    • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,0049B934,004579ED,00457D90,00457944,00000000,00000B06,00000000,00000000,00000000,00000002,00000000), ref: 0042EEB0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
                                                                                                                                                                    • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                                                                                                                    • API String ID: 142928637-2676053874
                                                                                                                                                                    • Opcode ID: 147ab314087a4e3dcf6e16000bf7a92f8a6b53821ee1abd9afb0821482d3c5ed
                                                                                                                                                                    • Instruction ID: d923442659e3b0e51499426f76f6993fec2ee5a704375d7ef0c30b5e995126c2
                                                                                                                                                                    • Opcode Fuzzy Hash: 147ab314087a4e3dcf6e16000bf7a92f8a6b53821ee1abd9afb0821482d3c5ed
                                                                                                                                                                    • Instruction Fuzzy Hash: 1AE06DF1B40724AAEF107B766C86B9B2668EB50769F55003BF104A61E1C7FD0C408A6C
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,?,0049A50C), ref: 00479E6E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00479E7B
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00479E8B
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                    • String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                                                                                                                                                    • API String ID: 667068680-222143506
                                                                                                                                                                    • Opcode ID: 4eb8c5683a80416fa23ca28207be772c3a68f7a3a60c78b74a0383d4a233a3f9
                                                                                                                                                                    • Instruction ID: 2eb801612c02c2f681ec2550ef92dd2b82403b3208254216f30f7223daafca7c
                                                                                                                                                                    • Opcode Fuzzy Hash: 4eb8c5683a80416fa23ca28207be772c3a68f7a3a60c78b74a0383d4a233a3f9
                                                                                                                                                                    • Instruction Fuzzy Hash: BFC0C9E1680710A9D600F7725C82DBB2548D510B25310883FB499651D2E7BD0C144A2C
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFocus.USER32 ref: 0041BB95
                                                                                                                                                                    • GetDC.USER32(?), ref: 0041BBA1
                                                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 0041BBD6
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 0041BBE2
                                                                                                                                                                    • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BC10
                                                                                                                                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041BC44
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3275473261-0
                                                                                                                                                                    • Opcode ID: 2f364fcd98ee6a1d62b7c654a57492f5fb96a9e1e42606f87797115b42be741f
                                                                                                                                                                    • Instruction ID: d5c29bb792210f064481fc70285f12689ccfb8d13ad776c980584781b3891df8
                                                                                                                                                                    • Opcode Fuzzy Hash: 2f364fcd98ee6a1d62b7c654a57492f5fb96a9e1e42606f87797115b42be741f
                                                                                                                                                                    • Instruction Fuzzy Hash: E4511E74A002099FCF11DFA9C895AEEBBB5FF49704F10406AF500A7790D779AD81CBA9
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFocus.USER32 ref: 0041BE67
                                                                                                                                                                    • GetDC.USER32(?), ref: 0041BE73
                                                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 0041BEAD
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 0041BEB9
                                                                                                                                                                    • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BEDD
                                                                                                                                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041BF11
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3275473261-0
                                                                                                                                                                    • Opcode ID: 6a42abb991037a6bf202db87d3771568c300b6986fb43c24206afdf92edcb334
                                                                                                                                                                    • Instruction ID: 6bf5c6e251c24ad455d3524f1730cbba616f151bd8f8db37d5e0169c444cf9bf
                                                                                                                                                                    • Opcode Fuzzy Hash: 6a42abb991037a6bf202db87d3771568c300b6986fb43c24206afdf92edcb334
                                                                                                                                                                    • Instruction Fuzzy Hash: FD511875A002089FCB11DFA9C891AAEBBF5FF49700F11846AF504EB390D7789D40CBA8
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFocus.USER32 ref: 0041B9CE
                                                                                                                                                                    • GetDC.USER32(?), ref: 0041B9DA
                                                                                                                                                                    • GetDeviceCaps.GDI32(?,00000068), ref: 0041B9F6
                                                                                                                                                                    • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041BA13
                                                                                                                                                                    • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041BA2A
                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 0041BA76
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EntriesPaletteSystem$CapsDeviceFocusRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2502006586-0
                                                                                                                                                                    • Opcode ID: aaad342ca44b07dec6af6486a8a42c1cb8d3efc41e270446eeb3d15c1de1c0ff
                                                                                                                                                                    • Instruction ID: 59801f7e5fcc4ac8ef53bb63f5e7b2fd9dc64a74171921ba3453a8653c00992f
                                                                                                                                                                    • Opcode Fuzzy Hash: aaad342ca44b07dec6af6486a8a42c1cb8d3efc41e270446eeb3d15c1de1c0ff
                                                                                                                                                                    • Instruction Fuzzy Hash: A941C371A042189FCB10DFB9C885A9FBBB4EF49740F1484AAF940EB351D2389D11CBA5
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000057,00000000,0045D914,?,?,?,?,00000000), ref: 0045D8B3
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000002,?,?,?,0045D980,?,00000000,0045D914,?,?,?,?,00000000), ref: 0045D8F2
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
                                                                                                                                                                    • API String ID: 1452528299-1580325520
                                                                                                                                                                    • Opcode ID: bceaa7c9d38e855be30fb0ce12922fb4a40a0d74626b7c5ce76b3f9998da2675
                                                                                                                                                                    • Instruction ID: 7ee2480e64cf5dcc37247868779a06df4fe5ff89f2b42202383772de8024ccfa
                                                                                                                                                                    • Opcode Fuzzy Hash: bceaa7c9d38e855be30fb0ce12922fb4a40a0d74626b7c5ce76b3f9998da2675
                                                                                                                                                                    • Instruction Fuzzy Hash: 4811BB75A04204AFE731EBE1C941B9E76ADDF44306F604077AD0496383D67C5F0A952D
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemMetrics.USER32(0000000B), ref: 0041C225
                                                                                                                                                                    • GetSystemMetrics.USER32(0000000C), ref: 0041C22F
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0041C239
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000E), ref: 0041C260
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041C26D
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0041C2A6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CapsDeviceMetricsSystem$Release
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 447804332-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0045D848: SetLastError.KERNEL32(00000057,00000000,0045D914,?,?,?,?,00000000), ref: 0045D8B3
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00474844,?,?,0049E1E4,00000000), ref: 004747FD
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00474844,?,?,0049E1E4,00000000), ref: 00474813
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set permissions on registry key (%d)., xrefs: 00474824
                                                                                                                                                                    • I, xrefs: 00474785
                                                                                                                                                                    • Could not set permissions on the registry key because it currently does not exist., xrefs: 00474807
                                                                                                                                                                    • Setting permissions on registry key: %s\%s, xrefs: 004747C2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s$I
                                                                                                                                                                    • API String ID: 1452528299-1959139981
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlEnterCriticalSection.KERNEL32(0049D420,00000000,00401B68), ref: 00401ABD
                                                                                                                                                                    • LocalFree.KERNEL32(007285C8,00000000,00401B68), ref: 00401ACF
                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,007285C8,00000000,00401B68), ref: 00401AEE
                                                                                                                                                                    • LocalFree.KERNEL32(007295C8,?,00000000,00008000,007285C8,00000000,00401B68), ref: 00401B2D
                                                                                                                                                                    • RtlLeaveCriticalSection.KERNEL32(0049D420,00401B6F), ref: 00401B58
                                                                                                                                                                    • RtlDeleteCriticalSection.KERNEL32(0049D420,00401B6F), ref: 00401B62
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3782394904-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 0047FA6A
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046DA09), ref: 0047FA90
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 0047FAA0
                                                                                                                                                                    • SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047FAC1
                                                                                                                                                                    • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047FAD5
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047FAF1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Long$Show
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3609083571-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0041AB30: CreateBrushIndirect.GDI32 ref: 0041AB9B
                                                                                                                                                                    • UnrealizeObject.GDI32(00000000), ref: 0041B6CC
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0041B6DE
                                                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 0041B701
                                                                                                                                                                    • SetBkMode.GDI32(?,00000002), ref: 0041B70C
                                                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 0041B727
                                                                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0041B732
                                                                                                                                                                      • Part of subcall function 0041A4A8: GetSysColor.USER32(?), ref: 0041A4B2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3527656728-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00424714: SetWindowTextA.USER32(?,00000000), ref: 0042472C
                                                                                                                                                                    • ShowWindow.USER32(?,00000005,00000000,004998A9,?,?,00000000), ref: 0049967A
                                                                                                                                                                      • Part of subcall function 0042DD14: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042DD27
                                                                                                                                                                      • Part of subcall function 004076F8: SetCurrentDirectoryA.KERNEL32(00000000,?,004996A2,00000000,00499875,?,?,00000005,00000000,004998A9,?,?,00000000), ref: 00407703
                                                                                                                                                                      • Part of subcall function 0042D89C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D92A,?,?,?,00000001,?,0045681A,00000000,00456882), ref: 0042D8D1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                                                                                                                    • String ID: .dat$.msg$IMsg$Uninstall
                                                                                                                                                                    • API String ID: 3312786188-1660910688
                                                                                                                                                                    APIs
                                                                                                                                                                    • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00404E0D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExitMessageProcess
                                                                                                                                                                    • String ID: Error$Ln@$Runtime error at 00000000
                                                                                                                                                                    • API String ID: 1220098344-3690081408
                                                                                                                                                                    • Opcode ID: 6146da9580bef9965da9cda28fdf8b1f09917d9546c5f1af2fde060953d626be
                                                                                                                                                                    • Instruction ID: c00c8b1b907268fe45c84c5108a6570d36dd98a08fca56cdb76ff5d345661702
                                                                                                                                                                    • Opcode Fuzzy Hash: 6146da9580bef9965da9cda28fdf8b1f09917d9546c5f1af2fde060953d626be
                                                                                                                                                                    • Instruction Fuzzy Hash: 8F21D360E452418ADB10AB75ED8171A3B8097F930CF04817BE700B73E2C67CD84687AE
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EF2A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EF30
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EF59
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressByteCharHandleModuleMultiProcWide
                                                                                                                                                                    • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                                                                                                                    • API String ID: 828529508-2866557904
                                                                                                                                                                    • Opcode ID: 0a1a7f0b35af10bec52672da06a2906d532a44599cf47327945e1bb0849fc05d
                                                                                                                                                                    • Instruction ID: 50bd107db23699165094570332042a9a2090c4fb9dd7a9a9ac1c8e9692f1be1d
                                                                                                                                                                    • Opcode Fuzzy Hash: 0a1a7f0b35af10bec52672da06a2906d532a44599cf47327945e1bb0849fc05d
                                                                                                                                                                    • Instruction Fuzzy Hash: D7F0F0E134062237E620B27FAC86F7F55CC8F94729F150036B608EA2C2EA7C9905426F
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EEC0,00000004,0049B934,004579ED,00457D90,00457944,00000000,00000B06,00000000,00000000,00000000,00000002,00000000), ref: 0042EE12
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EE18
                                                                                                                                                                    • InterlockedExchange.KERNEL32(0049D664,00000001), ref: 0042EE29
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressExchangeHandleInterlockedModuleProc
                                                                                                                                                                    • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                                                                                    • API String ID: 3478007392-2498399450
                                                                                                                                                                    • Opcode ID: 2ae9261505c9f67baa706182e7b3239f9e45ce3b55a3ca64683e2b7ae62260b5
                                                                                                                                                                    • Instruction ID: 37ab6c1781d9ace597be808b0f82a5ae7151ca86b9dce60fc565c366ef428a29
                                                                                                                                                                    • Opcode Fuzzy Hash: 2ae9261505c9f67baa706182e7b3239f9e45ce3b55a3ca64683e2b7ae62260b5
                                                                                                                                                                    • Instruction Fuzzy Hash: 76E0ECB1B41320AAEA1137726C8AF5726559B2471DF950437F108671E2C6FC1C84C91D
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 00478DE4
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00478EDB,0049E0AC,00000000), ref: 00478DF7
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00478DFD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProcProcessThreadWindow
                                                                                                                                                                    • String ID: AllowSetForegroundWindow$user32.dll
                                                                                                                                                                    • API String ID: 1782028327-3855017861
                                                                                                                                                                    • Opcode ID: baaddf851ddbcde89e908f2650d0d7dd5a96bc2ff5b27e890b2c54087906d01e
                                                                                                                                                                    • Instruction ID: c95bb4f0dd120990503e7052118a19d741abdcedadff55ee9c16c600a1fe714f
                                                                                                                                                                    • Opcode Fuzzy Hash: baaddf851ddbcde89e908f2650d0d7dd5a96bc2ff5b27e890b2c54087906d01e
                                                                                                                                                                    • Instruction Fuzzy Hash: EFD09EB168060165E910B3B69D4AE9B235C89847647248C3FB458E2586DF7CD894457D
                                                                                                                                                                    APIs
                                                                                                                                                                    • BeginPaint.USER32(00000000,?), ref: 004170A2
                                                                                                                                                                    • SaveDC.GDI32(?), ref: 004170D3
                                                                                                                                                                    • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00417195), ref: 00417134
                                                                                                                                                                    • RestoreDC.GDI32(?,?), ref: 0041715B
                                                                                                                                                                    • EndPaint.USER32(00000000,?,0041719C,00000000,00417195), ref: 0041718F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3808407030-0
                                                                                                                                                                    • Opcode ID: d3cb791d7785fb4fc35c1181fb0c895e71633609ec102f90fedaf0bd5e116ec9
                                                                                                                                                                    • Instruction ID: 2d0e89e5730252ba578d2efb55dda1d595b63161fefa896777b830b1b9f6ffa1
                                                                                                                                                                    • Opcode Fuzzy Hash: d3cb791d7785fb4fc35c1181fb0c895e71633609ec102f90fedaf0bd5e116ec9
                                                                                                                                                                    • Instruction Fuzzy Hash: 9B412170A08204AFDB04DFA5C985FAA77F9FF48314F1544AEE4059B362C7789D85CB18
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: eea1a8f7c9869be2cd73ede4559f3beb1d50bc075a71ac7122178a7397227914
                                                                                                                                                                    • Instruction ID: f067b59d413d1c4671d71e094a7f62e666ee1dcd53ee7561759f320ec3b01eff
                                                                                                                                                                    • Opcode Fuzzy Hash: eea1a8f7c9869be2cd73ede4559f3beb1d50bc075a71ac7122178a7397227914
                                                                                                                                                                    • Instruction Fuzzy Hash: 6F314F70605740AFC720EF69D984BABB7E8AF89314F04891EF9D5C7751D638EC808B59
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemMetrics.USER32(0000000B), ref: 0041C01A
                                                                                                                                                                    • GetSystemMetrics.USER32(0000000C), ref: 0041C024
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0041C062
                                                                                                                                                                    • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041C0A9
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0041C0EA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MetricsSystem$BitmapCreateDeleteObject
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1095203571-0
                                                                                                                                                                    • Opcode ID: e9779dfffb4f21f61e506df0ae377518d2b748fc237c0f7807fdb933fd26a7eb
                                                                                                                                                                    • Instruction ID: f919feb2cfdf9cb53746996a9db251afb7e4286801c3fccb61a5d2ca1bdc7bf1
                                                                                                                                                                    • Opcode Fuzzy Hash: e9779dfffb4f21f61e506df0ae377518d2b748fc237c0f7807fdb933fd26a7eb
                                                                                                                                                                    • Instruction Fuzzy Hash: A3313E74A40205EFDB04DFA5C981AAEB7F5EB48704F11856AF510AB381D7789E80DB98
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429C58
                                                                                                                                                                    • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429C87
                                                                                                                                                                    • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 00429CA3
                                                                                                                                                                    • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 00429CCE
                                                                                                                                                                    • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 00429CEC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                    • Opcode ID: 5ef5cab32e95011e4c7cfb0abff5a7214c11a7d164d3b5ed8cb8a22c4c4654b6
                                                                                                                                                                    • Instruction ID: 0478e77fbb77d274a7bfb783d11adee83c5a4069cdde94f0426c34ba09fc350e
                                                                                                                                                                    • Opcode Fuzzy Hash: 5ef5cab32e95011e4c7cfb0abff5a7214c11a7d164d3b5ed8cb8a22c4c4654b6
                                                                                                                                                                    • Instruction Fuzzy Hash: 222190707107147AE710AFA7DC82F4B76EC9B40704F90443E7906AB2D2DAB8ED41861D
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 262959230-0
                                                                                                                                                                    • Opcode ID: 67daf853af92f19bd36af3157ccd0aae30d6e3cf77030be0de76c974993ddc75
                                                                                                                                                                    • Instruction ID: 657f84db466bd1c54801a2b30447fc2084338491f8142acf58a262d5883cef98
                                                                                                                                                                    • Opcode Fuzzy Hash: 67daf853af92f19bd36af3157ccd0aae30d6e3cf77030be0de76c974993ddc75
                                                                                                                                                                    • Instruction Fuzzy Hash: FCF0A4917442043BF21025A65C43F6B198CCB82B9BF50053FB704FA1D2D87C9D04427D
                                                                                                                                                                    APIs
                                                                                                                                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00414869
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 00414871
                                                                                                                                                                    • SelectPalette.GDI32(00000000,00000000,00000001), ref: 00414885
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 0041488B
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00414896
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Palette$RealizeSelect$Release
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2261976640-0
                                                                                                                                                                    • Opcode ID: fa3b9403a46652b92fdf4541f93f936de0ad42420f7af6617674ce52f43e61da
                                                                                                                                                                    • Instruction ID: aeb03e62d8ddadf83c94429ec28f403801e3a8d1cb621d3e7bfc21001d019430
                                                                                                                                                                    • Opcode Fuzzy Hash: fa3b9403a46652b92fdf4541f93f936de0ad42420f7af6617674ce52f43e61da
                                                                                                                                                                    • Instruction Fuzzy Hash: 3201DF7520C3806AD600B63D8C85A9F6BEC9FCA314F15946EF484DB3C2CA7AC8018761
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindNextFileA.KERNEL32(000000FF,?,00000000,00454AAE,?,00000000,00454B22,?,?,-00000001,00000000,?,0047E107,00000000,0047E054,00000000), ref: 00454A8A
                                                                                                                                                                    • FindClose.KERNEL32(000000FF,00454AB5,00454AAE,?,00000000,00454B22,?,?,-00000001,00000000,?,0047E107,00000000,0047E054,00000000,00000000), ref: 00454AA8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseFileNext
                                                                                                                                                                    • String ID: .H$ .H
                                                                                                                                                                    • API String ID: 2066263336-1676226347
                                                                                                                                                                    • Opcode ID: 4c7b5bb35843140b86ad4380f78fcb8d22486119cddb2e33df34e003a884ce2c
                                                                                                                                                                    • Instruction ID: 86a97b531f1ad2b4b7463d4220b8e0547854eedc1a857b6a9afda59406c2b972
                                                                                                                                                                    • Opcode Fuzzy Hash: 4c7b5bb35843140b86ad4380f78fcb8d22486119cddb2e33df34e003a884ce2c
                                                                                                                                                                    • Instruction Fuzzy Hash: CF81A43490428DAFCF11DF65C8417EFBBB4AF89309F1440A6D8546B392C3399E8ACB58
                                                                                                                                                                    APIs
                                                                                                                                                                    • WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00407453
                                                                                                                                                                    • WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 004074CD
                                                                                                                                                                    • WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 00407525
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Enum$NameOpenResourceUniversal
                                                                                                                                                                    • String ID: Z
                                                                                                                                                                    • API String ID: 3604996873-1505515367
                                                                                                                                                                    • Opcode ID: ef725f5677505cc1ece444b72ce86a205eac34b3eeee73834d2775d04d947be5
                                                                                                                                                                    • Instruction ID: 2310e9831ee7c99a0a8649866770d0a98cc310fb2cf5807583ec8a4e9daa3455
                                                                                                                                                                    • Opcode Fuzzy Hash: ef725f5677505cc1ece444b72ce86a205eac34b3eeee73834d2775d04d947be5
                                                                                                                                                                    • Instruction Fuzzy Hash: 41519070E04208AFDB11DF99C845A9EBBB9EB49314F1448BAE400B72D1D778AE418B5A
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 0044D626
                                                                                                                                                                    • DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D651
                                                                                                                                                                    • DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D6D9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DrawText$EmptyRect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 182455014-2867612384
                                                                                                                                                                    • Opcode ID: 118ce66f65fc30a3616beabd50b84bb536d9a0cd1ba8fe4db387a67cc8cfb132
                                                                                                                                                                    • Instruction ID: 5f00bac91b28cdab45bfb944687f04cfacea2c0ae70fe3b1c590f7ffbabf3d5b
                                                                                                                                                                    • Opcode Fuzzy Hash: 118ce66f65fc30a3616beabd50b84bb536d9a0cd1ba8fe4db387a67cc8cfb132
                                                                                                                                                                    • Instruction Fuzzy Hash: 7C517271E00248AFDB11DFA9C885BDEBBF8AF49304F15847AE805EB252D7389944CB64
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0042F42A
                                                                                                                                                                      • Part of subcall function 0041A638: CreateFontIndirectA.GDI32(?), ref: 0041A6F7
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0042F44D
                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0042F52C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFontIndirectObjectReleaseSelect
                                                                                                                                                                    • String ID: ...\
                                                                                                                                                                    • API String ID: 3133960002-983595016
                                                                                                                                                                    • Opcode ID: d1b66580af5f8b118005d8afe4c27e7b3c53fe3fbe43e40283f5066ed8c29eea
                                                                                                                                                                    • Instruction ID: 21909acc4746510f695b318a8719c62c66087a48e53e42bcbae852ee139bb065
                                                                                                                                                                    • Opcode Fuzzy Hash: d1b66580af5f8b118005d8afe4c27e7b3c53fe3fbe43e40283f5066ed8c29eea
                                                                                                                                                                    • Instruction Fuzzy Hash: E1314270B00229ABDB11EF9AD851BAEB7F9EB48308F90447BF410A7291C7785E45CA59
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00498709,_iu,?,00000000,0045415E), ref: 00454113
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00498709,_iu,?,00000000,0045415E), ref: 00454123
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateFileHandle
                                                                                                                                                                    • String ID: .tmp$_iu
                                                                                                                                                                    • API String ID: 3498533004-10593223
                                                                                                                                                                    • Opcode ID: 072b1950efcd5525a44ef0ec832e26da6ad9b9e54120453c47e3c5125fb5f307
                                                                                                                                                                    • Instruction ID: 59545500d2eeb09234598e35ee9a1648d273934097dc79d2b475452d37d3be57
                                                                                                                                                                    • Opcode Fuzzy Hash: 072b1950efcd5525a44ef0ec832e26da6ad9b9e54120453c47e3c5125fb5f307
                                                                                                                                                                    • Instruction Fuzzy Hash: 8431C570E00209ABCF11EB95C942BEEBBB5AF54309F20452AF900BB3D2D7385F459759
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetClassInfoA.USER32(00400000,?,?), ref: 004168CF
                                                                                                                                                                    • UnregisterClassA.USER32(?,00400000), ref: 004168FB
                                                                                                                                                                    • RegisterClassA.USER32(?), ref: 0041691E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Class$InfoRegisterUnregister
                                                                                                                                                                    • String ID: @
                                                                                                                                                                    • API String ID: 3749476976-2766056989
                                                                                                                                                                    • Opcode ID: 8934ae511967caf128f8a4335e201e133d04de45e6718866f55f2b1406b15d9f
                                                                                                                                                                    • Instruction ID: c7ae62685634f2feb307fa6559a912500e41153472d9d2bb59c10c8b55fc2cbc
                                                                                                                                                                    • Opcode Fuzzy Hash: 8934ae511967caf128f8a4335e201e133d04de45e6718866f55f2b1406b15d9f
                                                                                                                                                                    • Instruction Fuzzy Hash: C6318E706043008BDB10EF68C885B9B77E9AB89308F00457FF985DB392DB39DD458B5A
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,0049A448,00000000,00499BEE,?,?,00000000,0049D62C), ref: 00499B68
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,0049A448,00000000,00499BEE,?,?,00000000,0049D62C), ref: 00499B91
                                                                                                                                                                    • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00499BAA
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$Attributes$Move
                                                                                                                                                                    • String ID: isRS-%.3u.tmp
                                                                                                                                                                    • API String ID: 3839737484-3657609586
                                                                                                                                                                    • Opcode ID: 88eac6fa2fd00287dbaa55a3b9bd3a1b65409462b653a3bc96acdfff81af7d31
                                                                                                                                                                    • Instruction ID: 0b841a000e743cb9e8da0cfb8565bc532e10ded45a2cf007f5af54a585f9ef1c
                                                                                                                                                                    • Opcode Fuzzy Hash: 88eac6fa2fd00287dbaa55a3b9bd3a1b65409462b653a3bc96acdfff81af7d31
                                                                                                                                                                    • Instruction Fuzzy Hash: 54212171D14119ABCF00EBA9D881AAFBBB8BB58314F11457EA814B72D1D63C6E018A59
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042CC54: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042CC78
                                                                                                                                                                      • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                                                                                      • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                                                                                    • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 004573EC
                                                                                                                                                                    • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00457419
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
                                                                                                                                                                    • String ID: LoadTypeLib$RegisterTypeLib
                                                                                                                                                                    • API String ID: 1312246647-2435364021
                                                                                                                                                                    • Opcode ID: 18df84fe9d86e2862f6386675fb05e4dd3e507c86707e069f339337bab75705e
                                                                                                                                                                    • Instruction ID: 195147ed2e8b8ae7ced7006412bb8845aee82bd7b9f018cfdf51d436bcb33606
                                                                                                                                                                    • Opcode Fuzzy Hash: 18df84fe9d86e2862f6386675fb05e4dd3e507c86707e069f339337bab75705e
                                                                                                                                                                    • Instruction Fuzzy Hash: C911D630B04204BFDB01DFA6DC51A4EBBADEB4A305F108076FD04D3652DA389E04C618
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 0045796A
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 00457A07
                                                                                                                                                                    Strings
                                                                                                                                                                    • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00457996
                                                                                                                                                                    • Failed to create DebugClientWnd, xrefs: 004579D0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                    • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                                                                                                                                    • API String ID: 3850602802-3720027226
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00424714: SetWindowTextA.USER32(?,00000000), ref: 0042472C
                                                                                                                                                                    • GetFocus.USER32 ref: 0047999F
                                                                                                                                                                    • GetKeyState.USER32(0000007A), ref: 004799B1
                                                                                                                                                                    • WaitMessage.USER32(?,00000000,004799D8,?,00000000,004799FF,?,?,00000001,00000000,?,?,0048174F,00000000,00482671), ref: 004799BB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FocusMessageStateTextWaitWindow
                                                                                                                                                                    • String ID: Wnd=$%x
                                                                                                                                                                    • API String ID: 1381870634-2927251529
                                                                                                                                                                    APIs
                                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?), ref: 0046F430
                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046F43F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$File$LocalSystem
                                                                                                                                                                    • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                                                                                                                                                    • API String ID: 1748579591-1013271723
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(00000000,00000020), ref: 004546EB
                                                                                                                                                                      • Part of subcall function 004073A0: DeleteFileA.KERNEL32(00000000,0049D62C,00499FD9,00000000,0049A02E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 004073AB
                                                                                                                                                                    • MoveFileA.KERNEL32(00000000,00000000), ref: 00454710
                                                                                                                                                                      • Part of subcall function 00453C04: GetLastError.KERNEL32(00000000,00454799,00000005,00000000,004547CE,?,?,00000000,0049D62C,00000004,00000000,00000000,00000000,?,00499C8D,00000000), ref: 00453C07
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$AttributesDeleteErrorLastMove
                                                                                                                                                                    • String ID: DeleteFile$MoveFile
                                                                                                                                                                    • API String ID: 3024442154-139070271
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00484FF1
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00485014
                                                                                                                                                                    Strings
                                                                                                                                                                    • CSDVersion, xrefs: 00484FE8
                                                                                                                                                                    • System\CurrentControlSet\Control\Windows, xrefs: 00484FBE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                    • String ID: CSDVersion$System\CurrentControlSet\Control\Windows
                                                                                                                                                                    • API String ID: 3677997916-1910633163
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0044BB28: LoadLibraryA.KERNEL32(00000000,00000000,0044BF0B,?,?,?,?,00000000,00000000,?,0044FD4D,0049A4DA), ref: 0044BB8A
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044BBA2
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044BBB4
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044BBC6
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044BBD8
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044BBEA
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044BBFC
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044BC0E
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044BC20
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044BC32
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044BC44
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044BC56
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044BC68
                                                                                                                                                                      • Part of subcall function 0044BB28: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044BC7A
                                                                                                                                                                      • Part of subcall function 004651E8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004651FB
                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,SHPathPrepareForWriteA,00000000,0046528A,?,?,?,?,00000000,00000000,?,0049A502), ref: 0046525F
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 00465265
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$LibraryLoad$DirectorySystem
                                                                                                                                                                    • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                                                                                    • API String ID: 1442766254-2683653824
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,00459C9D,00000000,00459E55,?,00000000,00000000,00000000), ref: 00459BAD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                                                                                                                    • API String ID: 47109696-2631785700
                                                                                                                                                                    • Opcode ID: acc62e2c204e9e12f698e5b82add5e4ad09bb42f8c2d9db489e2300f4fff8397
                                                                                                                                                                    • Instruction ID: 9ff5366a1843594bb80037a440052cb9e88b760eaf161db27522a6c9f4c26c6f
                                                                                                                                                                    • Opcode Fuzzy Hash: acc62e2c204e9e12f698e5b82add5e4ad09bb42f8c2d9db489e2300f4fff8397
                                                                                                                                                                    • Instruction Fuzzy Hash: 2AF0AF31300121EBEB10EB17AC41B5E6789DB91316F18443BFA81C7253F6BCDC46862E
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,004542C2,00000000,00454365,?,?,00000000,00000000,00000000,00000000,00000000,?,00454755,00000000), ref: 0042DD5A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042DD60
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: GetSystemWow64DirectoryA$kernel32.dll
                                                                                                                                                                    • API String ID: 1646373207-4063490227
                                                                                                                                                                    • Opcode ID: 5abbe40046ba00350f24005cef1803a495b962ffc597d09d0b22329c5a666800
                                                                                                                                                                    • Instruction ID: 2c7f72bc3db4c40d16b1b765d912767d34fa58fe4c646cc18e222b4ed7f6fe44
                                                                                                                                                                    • Opcode Fuzzy Hash: 5abbe40046ba00350f24005cef1803a495b962ffc597d09d0b22329c5a666800
                                                                                                                                                                    • Instruction Fuzzy Hash: 0FE02660B60F1113D70071BA5C8379B208D4B84718F90043F3984F52C6DDBDD9490A6E
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EF20), ref: 0042EFB2
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EFB8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                                                                                                                    • API String ID: 1646373207-260599015
                                                                                                                                                                    • Opcode ID: baf4c7a8591a40d7dc6da6f15e5b4dc27338d30cfca151258ddc16df194b77c5
                                                                                                                                                                    • Instruction ID: 02ec898c6c75b1ba26151a3eebd585b8454ae7040b346800783755fde70e6890
                                                                                                                                                                    • Opcode Fuzzy Hash: baf4c7a8591a40d7dc6da6f15e5b4dc27338d30cfca151258ddc16df194b77c5
                                                                                                                                                                    • Instruction Fuzzy Hash: 01D0A993302B3332AA1071FB3DC19BB02CC8D202AA3670033F600E2280EA8CCC4012AC
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,0049A4DA), ref: 0044FD57
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044FD5D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: NotifyWinEvent$user32.dll
                                                                                                                                                                    • API String ID: 1646373207-597752486
                                                                                                                                                                    • Opcode ID: 21449735c4530238711e5baf3f7e6c6119c4b5ed48e58139290ccade4ce38153
                                                                                                                                                                    • Instruction ID: af032255d430417ffea63134fe83afc5c4b4dbba1536058c56e775f9f11b8dd5
                                                                                                                                                                    • Opcode Fuzzy Hash: 21449735c4530238711e5baf3f7e6c6119c4b5ed48e58139290ccade4ce38153
                                                                                                                                                                    • Instruction Fuzzy Hash: B2E012E0E417449AFB00BBB96D467193AD0EF6471DF10007FB540A6291C77C44489B1D
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0049A530,00000001,00000000,0049A554), ref: 0049A25A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0049A260
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                                                                                                                    • API String ID: 1646373207-834958232
                                                                                                                                                                    • Opcode ID: 51550ffda035ac84042d4bddea94f20537adf7cd2f58fd56988f617bc6aacde1
                                                                                                                                                                    • Instruction ID: dac1c8ebddd32ae9bf6a035aad1c8d1f3cf840f271d0053423bdda14aa0d062e
                                                                                                                                                                    • Opcode Fuzzy Hash: 51550ffda035ac84042d4bddea94f20537adf7cd2f58fd56988f617bc6aacde1
                                                                                                                                                                    • Instruction Fuzzy Hash: 09B09281686A01509C4033F20C06A1B0E08484171871800B73400F12C6CE6E842404FF
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042F2BC: GetTickCount.KERNEL32 ref: 0042F2C2
                                                                                                                                                                      • Part of subcall function 0042F0D8: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042F10D
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,004768B9,?,?,0049E1E4,00000000), ref: 004767A2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CountErrorFileLastMoveTick
                                                                                                                                                                    • String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
                                                                                                                                                                    • API String ID: 2406187244-2685451598
                                                                                                                                                                    • Opcode ID: 60709b24bbd29ecba445f14f57d2c4ad189bd31ebd78b2e227524017e35208ed
                                                                                                                                                                    • Instruction ID: 03a236e7dc5f504d91790a0ce298dd5dba96fa6117a2cc3ee4ad00c9fc2b7c38
                                                                                                                                                                    • Opcode Fuzzy Hash: 60709b24bbd29ecba445f14f57d2c4ad189bd31ebd78b2e227524017e35208ed
                                                                                                                                                                    • Instruction Fuzzy Hash: 53418474A006098BCB00EFA5D882ADE77B9EF48314F52853BE414B7391D7389E05CBAD
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00414196
                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 0041424E
                                                                                                                                                                      • Part of subcall function 00419310: 6F59C6F0.COMCTL32(00000000,?,0041427E,?,?,?,?,00413F43,00000000,00413F56), ref: 0041932C
                                                                                                                                                                      • Part of subcall function 00419310: ShowCursor.USER32(00000001,00000000,?,0041427E,?,?,?,?,00413F43,00000000,00413F56), ref: 00419349
                                                                                                                                                                    • SetCursor.USER32(00000000,?,?,?,?,00413F43,00000000,00413F56), ref: 0041428C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CursorDesktopWindow$Show
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2074268717-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408EC5
                                                                                                                                                                    • LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408F34
                                                                                                                                                                    • LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408FCF
                                                                                                                                                                    • MessageBoxA.USER32(00000000,?,?,00002010), ref: 0040900E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LoadString$FileMessageModuleName
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 704749118-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044EEE5
                                                                                                                                                                      • Part of subcall function 0044D528: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044D55A
                                                                                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044EF69
                                                                                                                                                                      • Part of subcall function 0042C004: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042C018
                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 0044EF2B
                                                                                                                                                                    • ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044EF4E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 855768636-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • OffsetRect.USER32(?,?,00000000), ref: 00497270
                                                                                                                                                                    • OffsetRect.USER32(?,00000000,?), ref: 0049728B
                                                                                                                                                                    • OffsetRect.USER32(?,?,00000000), ref: 004972A5
                                                                                                                                                                    • OffsetRect.USER32(?,00000000,?), ref: 004972C0
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: OffsetRect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 177026234-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCursorPos.USER32 ref: 004176B0
                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004176F3
                                                                                                                                                                    • GetLastActivePopup.USER32(?), ref: 0041771D
                                                                                                                                                                    • GetForegroundWindow.USER32(?), ref: 00417724
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Cursor$ActiveForegroundLastPopupWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1959210111-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • MulDiv.KERNEL32(8B500000,00000008,?), ref: 00496ED9
                                                                                                                                                                    • MulDiv.KERNEL32(50142444,00000008,?), ref: 00496EED
                                                                                                                                                                    • MulDiv.KERNEL32(F6E65FE8,00000008,?), ref: 00496F01
                                                                                                                                                                    • MulDiv.KERNEL32(8BF88BFF,00000008,?), ref: 00496F1F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetClassInfoA.USER32(00400000,0041F8C0,?), ref: 0041F8F1
                                                                                                                                                                    • UnregisterClassA.USER32(0041F8C0,00400000), ref: 0041F91A
                                                                                                                                                                    • RegisterClassA.USER32(0049B598), ref: 0041F924
                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F95F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4025006896-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D477
                                                                                                                                                                    • LoadResource.KERNEL32(00400000,72756F73,0040AC18,00400000,00000001,00000000,?,0040D3D4,00000000,?,00000000,?,?,0047DE64,0000000A,00000000), ref: 0040D491
                                                                                                                                                                    • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040AC18,00400000,00000001,00000000,?,0040D3D4,00000000,?,00000000,?,?,0047DE64), ref: 0040D4AB
                                                                                                                                                                    • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040AC18,00400000,00000001,00000000,?,0040D3D4,00000000,?,00000000,?), ref: 0040D4B5
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3473537107-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045BFAA,?,?,?,?,?,00000000,0045BFD1), ref: 00456574
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045BFAA,?,?,?,?,?,00000000), ref: 0045657D
                                                                                                                                                                    • RemoveFontResourceA.GDI32(00000000), ref: 0045658A
                                                                                                                                                                    • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0045659E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4283692357-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000), ref: 00470CA1
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to set NTFS compression state (%d)., xrefs: 00470CB2
                                                                                                                                                                    • Unsetting NTFS compression on directory: %s, xrefs: 00470C87
                                                                                                                                                                    • Setting NTFS compression on directory: %s, xrefs: 00470C6F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
                                                                                                                                                                    • API String ID: 1452528299-1392080489
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 0047144D
                                                                                                                                                                    Strings
                                                                                                                                                                    • Unsetting NTFS compression on file: %s, xrefs: 00471433
                                                                                                                                                                    • Setting NTFS compression on file: %s, xrefs: 0047141B
                                                                                                                                                                    • Failed to set NTFS compression state (%d)., xrefs: 0047145E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
                                                                                                                                                                    • API String ID: 1452528299-3038984924
                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CountSleepTick
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2227064392-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?,?,00000001,00000000,00000002,00000000,00482671,?,?,?,?,?,0049A5C3,00000000,0049A5EB), ref: 00479455
                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,00000001,00000000,00000002,00000000,00482671,?,?,?,?,?,0049A5C3,00000000), ref: 0047945B
                                                                                                                                                                    • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,00000001,00000000,00000002,00000000,00482671), ref: 0047947D
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,00000001,00000000,00000002,00000000,00482671), ref: 0047948E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 215268677-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047CE0D,?,00000000,00000000,00000001,00000000,0047B7C1,?,00000000), ref: 0047B785
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to parse "reg" constant, xrefs: 0047B78C
                                                                                                                                                                    • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 0047B5F9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close
                                                                                                                                                                    • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
                                                                                                                                                                    • API String ID: 3535843008-1938159461
                                                                                                                                                                    APIs
                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,00000000,00477727,?,00000000,00477738,?,00000000,00477781), ref: 004776F8
                                                                                                                                                                    • SetFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,00000000,00000000,00477727,?,00000000,00477738,?,00000000,00477781), ref: 0047770C
                                                                                                                                                                    Strings
                                                                                                                                                                    • Extracting temporary file: , xrefs: 00477634
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileTime$Local
                                                                                                                                                                    • String ID: Extracting temporary file:
                                                                                                                                                                    • API String ID: 791338737-4171118009
                                                                                                                                                                    Strings
                                                                                                                                                                    • Failed to proceed to next wizard page; aborting., xrefs: 0046D9E4
                                                                                                                                                                    • Failed to proceed to next wizard page; showing wizard., xrefs: 0046D9F8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                                                                                                                                                    • API String ID: 0-1974262853
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0042E26C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00484FCF,?,00000001,?,?,00484FCF,?,00000001,00000000), ref: 0042E288
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,0047A1C6,?,?,00000001,00000000,00000000,0047A1E1), ref: 0047A1AF
                                                                                                                                                                    Strings
                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0047A13A
                                                                                                                                                                    • %s\%s_is1, xrefs: 0047A158
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                    • String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                    • API String ID: 47109696-1598650737
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004508A1
                                                                                                                                                                    • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004508D2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExecuteMessageSendShell
                                                                                                                                                                    • String ID: open
                                                                                                                                                                    • API String ID: 812272486-2758837156
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlEnterCriticalSection.KERNEL32(0049D420,00000000,)), ref: 004025C7
                                                                                                                                                                    • RtlLeaveCriticalSection.KERNEL32(0049D420,0040263D), ref: 00402630
                                                                                                                                                                      • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                                                                                      • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049D420,0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                                                                                      • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049D420,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                                                                                      • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049D420,00401A89,00000000,00401A82,?,?,0040222E,022076C0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                    • String ID: )
                                                                                                                                                                    • API String ID: 2227675388-1084416617
                                                                                                                                                                    • Opcode ID: b1c34bbcfa7d0433af8c48dff581505e6c7889bd18d36f496ad8d1521465f649
                                                                                                                                                                    • Instruction ID: 570f99ef1d3d95e4b4d80a2adc1962b98f522b57bc72750d6ce688ebb538822c
                                                                                                                                                                    • Opcode Fuzzy Hash: b1c34bbcfa7d0433af8c48dff581505e6c7889bd18d36f496ad8d1521465f649
                                                                                                                                                                    • Instruction Fuzzy Hash: CE110131B042046FEB25AF799F1A62AAAD4D79575CB64087FF404F32D2D9BD9C02826C
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 00498451
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window
                                                                                                                                                                    • String ID: /INITPROCWND=$%x $@
                                                                                                                                                                    • API String ID: 2353593579-4169826103
                                                                                                                                                                    • Opcode ID: 3a83e6e038dbafd0e3ea01eb6dd6426255c1a8b46f58718dc6178500fe069b44
                                                                                                                                                                    • Instruction ID: a9318bdce5e824465d4436be78f64917a5ae5ef5b8220d929174e0d313b11457
                                                                                                                                                                    • Opcode Fuzzy Hash: 3a83e6e038dbafd0e3ea01eb6dd6426255c1a8b46f58718dc6178500fe069b44
                                                                                                                                                                    • Instruction Fuzzy Hash: EF119370A082059FDB01DBA9D851BAEBBE8EF49314F11847BE504E7292EA3C99058B58
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                                                                                      • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00447966
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$AllocByteCharFreeMultiWide
                                                                                                                                                                    • String ID: NIL Interface Exception$Unknown Method
                                                                                                                                                                    • API String ID: 3952431833-1023667238
                                                                                                                                                                    • Opcode ID: 70ba3522b845855dab444de1b23a8273934cab06eb7d35c41ad99f78b19136e2
                                                                                                                                                                    • Instruction ID: 10ddd43a001eab7360299ad3f405319ab988bcee1c7d5b08318f9ee426dd8228
                                                                                                                                                                    • Opcode Fuzzy Hash: 70ba3522b845855dab444de1b23a8273934cab06eb7d35c41ad99f78b19136e2
                                                                                                                                                                    • Instruction Fuzzy Hash: 9211E9716042089FEB10EFA58D51A6FBBBDEB09304F91403AF500F7281C7789D01C769
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00497D50,?,00497D44,00000000,00497D2B), ref: 00497CF6
                                                                                                                                                                    • CloseHandle.KERNEL32(00497D90,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00497D50,?,00497D44,00000000), ref: 00497D0D
                                                                                                                                                                      • Part of subcall function 00497BE0: GetLastError.KERNEL32(00000000,00497C78,?,?,?,?), ref: 00497C04
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseCreateErrorHandleLastProcess
                                                                                                                                                                    • String ID: D
                                                                                                                                                                    • API String ID: 3798668922-2746444292
                                                                                                                                                                    • Opcode ID: fa801604313bbcf5bad1c809e54cc79b99171c4bcc775748dbd6482f863af330
                                                                                                                                                                    • Instruction ID: a89f5070db7a5e6d261d16ca7c1b7ea99db6432e353ebe52f8e4aa70fd7af1a9
                                                                                                                                                                    • Opcode Fuzzy Hash: fa801604313bbcf5bad1c809e54cc79b99171c4bcc775748dbd6482f863af330
                                                                                                                                                                    • Instruction Fuzzy Hash: 1001A1B0608248AFDB00DBA5DC42FAF7BACDF09704F60013BF504E72C1E6785E008668
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042E1C8
                                                                                                                                                                    • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042E208
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Value$EnumQuery
                                                                                                                                                                    • String ID: Inno Setup: No Icons
                                                                                                                                                                    • API String ID: 1576479698-2016326496
                                                                                                                                                                    • Opcode ID: 5fa1588eb3983bc8147b11ac52db8119f930d32b550c0df0fd023eaaf2352da0
                                                                                                                                                                    • Instruction ID: e7333c3f072e055346127a6a42ec618886ffe365ff3054ef7f5207155727e60c
                                                                                                                                                                    • Opcode Fuzzy Hash: 5fa1588eb3983bc8147b11ac52db8119f930d32b550c0df0fd023eaaf2352da0
                                                                                                                                                                    • Instruction Fuzzy Hash: 3C01DB32745371A9F73145137D41B7B65CC8B42B60F64057BF941FA2C1DA68AC0592BE
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(00000000,?,00000000,0045362D,?,?,-00000001,?), ref: 00453607
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000,0045362D,?,?,-00000001,?), ref: 0045360F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                    • String ID: @8H
                                                                                                                                                                    • API String ID: 1799206407-3762495883
                                                                                                                                                                    • Opcode ID: 65c44507f9335e4e2a077e4ee2190135d3d5d768f820153090acd923ffb3f295
                                                                                                                                                                    • Instruction ID: 2a718f5fbeded0ca4f0ca1a684ecb9b724474f3cd93569f9f0dcaab09f3de9c7
                                                                                                                                                                    • Opcode Fuzzy Hash: 65c44507f9335e4e2a077e4ee2190135d3d5d768f820153090acd923ffb3f295
                                                                                                                                                                    • Instruction Fuzzy Hash: 49F0F971A04204BBCB10DF7AAC4249EF7ECDB49362711457BFC14D3342E6784E088598
                                                                                                                                                                    APIs
                                                                                                                                                                    • DeleteFileA.KERNEL32(00000000,00000000,004530A9,?,-00000001,?), ref: 00453083
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,004530A9,?,-00000001,?), ref: 0045308B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DeleteErrorFileLast
                                                                                                                                                                    • String ID: @8H
                                                                                                                                                                    • API String ID: 2018770650-3762495883
                                                                                                                                                                    • Opcode ID: cbbe5e8e8074a6d2d967a7bcc5077bf0259fbe750dccdc66cec10f6e01c17014
                                                                                                                                                                    • Instruction ID: 483a50349848f844724b37c9089874c2f5155cc8dca7ffd3c90c1c5b4081c312
                                                                                                                                                                    • Opcode Fuzzy Hash: cbbe5e8e8074a6d2d967a7bcc5077bf0259fbe750dccdc66cec10f6e01c17014
                                                                                                                                                                    • Instruction Fuzzy Hash: 74F0C871A04708AFCB01DFB9AC4249EB7ECDB0975675045B7FC04E3282EB785F188599
                                                                                                                                                                    APIs
                                                                                                                                                                    • RemoveDirectoryA.KERNEL32(00000000,00000000,004535B1,?,-00000001,00000000), ref: 0045358B
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,004535B1,?,-00000001,00000000), ref: 00453593
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DirectoryErrorLastRemove
                                                                                                                                                                    • String ID: @8H
                                                                                                                                                                    • API String ID: 377330604-3762495883
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0047E3D0: FreeLibrary.KERNEL32(73AF0000,00482E1B), ref: 0047E3E6
                                                                                                                                                                      • Part of subcall function 0047E0A8: GetTickCount.KERNEL32 ref: 0047E0F2
                                                                                                                                                                      • Part of subcall function 00457A90: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 00457AAF
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,0049A243), ref: 00499941
                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,0049A243), ref: 00499947
                                                                                                                                                                    Strings
                                                                                                                                                                    • Detected restart. Removing temporary directory., xrefs: 004998FB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                                                                                                    • String ID: Detected restart. Removing temporary directory.
                                                                                                                                                                    • API String ID: 1717587489-3199836293
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2998456675.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000002.00000002.2998379154.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998673989.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998753349.000000000049C000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998805859.000000000049D000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                    • Associated: 00000002.00000002.2998865309.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_freekernelpstviewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastSleep
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1458359878-0

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:0.3%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:80%
                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                    Total number of Nodes:30
                                                                                                                                                                    Total number of Limit Nodes:2

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(DB4C0D00-400B-101B-A3C9-08002B2F49FB,?,2001E018), ref: 2000458E
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,DB4C0D00-400B-101B-A3C9-08002B2F49FB,000000FF,?,?,00000000,00000000,?,?,2001E018), ref: 200045BB
                                                                                                                                                                    • lstrlenW.KERNEL32(DC4D7920-6AC8-11cf-8ADB-00AA00C00905,?,2001E018), ref: 200045CB
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,DC4D7920-6AC8-11cf-8ADB-00AA00C00905,000000FF,?,00000002,00000000,00000000,00000002,?,2001E018), ref: 200045EF
                                                                                                                                                                      • Part of subcall function 2000463C: RegOpenKeyA.ADVAPI32(80000000,Licenses,2001E018), ref: 20004666
                                                                                                                                                                      • Part of subcall function 2000463C: RegOpenKeyA.ADVAPI32(2001E018,2001E018,2001E018), ref: 2000467F
                                                                                                                                                                      • Part of subcall function 2000463C: RegCloseKey.ADVAPI32(2001E018), ref: 200046A6
                                                                                                                                                                      • Part of subcall function 2000463C: RegCloseKey.ADVAPI32(2001E018,74DEDFF0), ref: 200046AB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharCloseMultiOpenWidelstrlen
                                                                                                                                                                    • String ID: DB4C0D00-400B-101B-A3C9-08002B2F49FB$DC4D7920-6AC8-11cf-8ADB-00AA00C00905
                                                                                                                                                                    • API String ID: 3215314100-2126104738

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyA.ADVAPI32(80000000,Licenses,2001E018), ref: 20004666
                                                                                                                                                                    • RegOpenKeyA.ADVAPI32(2001E018,2001E018,2001E018), ref: 2000467F
                                                                                                                                                                      • Part of subcall function 200046B5: lstrlenA.KERNEL32(2001E018,75A901E0), ref: 200046C4
                                                                                                                                                                      • Part of subcall function 200046B5: RegQueryValueA.ADVAPI32(2001E018,00000000,?,?), ref: 200046FB
                                                                                                                                                                      • Part of subcall function 200046B5: lstrcmpA.KERNEL32(?,20004695), ref: 2000470F
                                                                                                                                                                    • RegCloseKey.ADVAPI32(2001E018), ref: 200046A6
                                                                                                                                                                    • RegCloseKey.ADVAPI32(2001E018,74DEDFF0), ref: 200046AB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen$QueryValuelstrcmplstrlen
                                                                                                                                                                    • String ID: Licenses
                                                                                                                                                                    • API String ID: 3669318291-2252631401

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018), ref: 20004521
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018), ref: 20004531
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                    • String ID:

                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,2001E040,?), ref: 20007BE1
                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,00000003,?,00000005), ref: 20007C22
                                                                                                                                                                    • LoadStringA.USER32(000003E9,?,00000104), ref: 20007C44
                                                                                                                                                                    • wsprintfA.USER32 ref: 20007C69
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104), ref: 20007C80
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 20007CB0
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20007CC0
                                                                                                                                                                    • wsprintfA.USER32 ref: 20007CE6
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 20007D13
                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(00000400,00000003,?,00000005), ref: 20007D35
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20007D42
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 20007D5F
                                                                                                                                                                    • wsprintfA.USER32 ref: 20007D7D
                                                                                                                                                                      • Part of subcall function 20007E15: lstrcpyA.KERNEL32(20007CA0,?,74DE8410,00000104,?,20007CA0,?,?,?), ref: 20007E27
                                                                                                                                                                      • Part of subcall function 20007E15: CharNextA.USER32(20007CA0,?,20007CA0,?,?,?), ref: 20007E3E
                                                                                                                                                                      • Part of subcall function 20007E15: lstrcpyA.KERNEL32(?,?,?,20007CA0,?,?,?), ref: 20007E4E
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 20007DAA
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018), ref: 20007E06
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Load$Library$wsprintf$CriticalInfoLocaleSectionlstrcpylstrlen$CharEnterFileLeaveModuleNameNextString
                                                                                                                                                                    • String ID: %s%s.DLL$%s%s.DLL$%u\%s.dll
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetKeyState.USER32(00000001), ref: 2001803A
                                                                                                                                                                    • GetKeyState.USER32(00000002), ref: 2001804D
                                                                                                                                                                      • Part of subcall function 20001885: HeapAlloc.KERNEL32(?,00000000,?,20002EA8,00000018,?), ref: 2000189A
                                                                                                                                                                    • ReleaseCapture.USER32 ref: 200181D7
                                                                                                                                                                    • DoDragDrop.OLE32(00000000,00000000,00000000,?), ref: 2001823B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: State$AllocCaptureDragDropHeapRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrcpyA.KERNEL32(20007CA0,?,74DE8410,00000104,?,20007CA0,?,?,?), ref: 20007E27
                                                                                                                                                                    • CharNextA.USER32(20007CA0,?,20007CA0,?,?,?), ref: 20007E3E
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?,?,20007CA0,?,?,?), ref: 20007E4E
                                                                                                                                                                    • CharNextA.USER32(20007CA0,00000000,?,20007CA0,?,?,?), ref: 20007E55
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CharNextlstrcpy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 20006876
                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 20006884
                                                                                                                                                                    • GetKeyState.USER32(00000012), ref: 20006890
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: State
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 20006D2C
                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 20006D3A
                                                                                                                                                                    • GetKeyState.USER32(00000012), ref: 20006D46
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: State
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 20010CD1
                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 20010CDE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: State
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1649606143-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 20001835
                                                                                                                                                                    • GetProcessHeap.KERNEL32(20004434,0000000C), ref: 2000D46C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1617791916-0

                                                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 200153C5: wsprintfA.USER32 ref: 2001541D
                                                                                                                                                                      • Part of subcall function 200153C5: RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA0C,00000000,0002001F,00000000,?,?), ref: 20015449
                                                                                                                                                                      • Part of subcall function 200153C5: wsprintfA.USER32 ref: 2001546B
                                                                                                                                                                      • Part of subcall function 200153C5: lstrlenA.KERNEL32(?), ref: 20015477
                                                                                                                                                                      • Part of subcall function 200153C5: RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 20015493
                                                                                                                                                                      • Part of subcall function 200153C5: RegCreateKeyExA.ADVAPI32(?,InprocServer32,00000000,2001EA10,00000000,0002001F,00000000,?,?), ref: 200154B6
                                                                                                                                                                      • Part of subcall function 200153C5: GetModuleFileNameA.KERNEL32(?,00000104), ref: 200154CE
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?,?,00000000,2001E1EC,00000000), ref: 200155A4
                                                                                                                                                                    • lstrcatA.KERNEL32(?,2001E7DC,?,00000000,2001E1EC,00000000), ref: 200155B8
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?,?,00000000,2001E1EC,00000000), ref: 200155C4
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA14,00000000,0002001F,00000000,?,?,?,00000000,2001E1EC,00000000), ref: 200155E7
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001560D
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 20015623
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001,?,?,?,?,?,?,00000000), ref: 2001563B
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,CLSID,00000000,2001EA18,00000000,0002001F,00000000,?,?,?,?,?,?,?,?,00000000), ref: 20015662
                                                                                                                                                                      • Part of subcall function 2001537A: wsprintfA.USER32 ref: 200153BB
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 2001568A
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001,?,?,?,?,?,?,00000000), ref: 20015699
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000000), ref: 200156A6
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,CurVer,00000000,2001EA1C,00000000,0002001F,00000000,?,?,?,?,?,?,?,?,00000000), ref: 200156C9
                                                                                                                                                                    • wsprintfA.USER32 ref: 200156EC
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 200156FC
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 2001570E
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 2001571B
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 20015724
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA20,00000000,0002001F,00000000,?,?), ref: 2001574B
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015771
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 20015781
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 20015793
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,CLSID,00000000,2001EA24,00000000,0002001F,00000000,?,?), ref: 200157BA
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 200157CC
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 200157DB
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 200157E8
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 200157F1
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001581D
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA28,00000000,0002001F,00000000,?,?), ref: 20015847
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,VersionIndependentProgID,00000000,2001EA2C,00000000,0002001F,00000000,?,?), ref: 20015872
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015892
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 200158A2
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 200158B4
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 200158C1
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,ProgID,00000000,2001EA30,00000000,0002001F,00000000,?,?), ref: 200158E4
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015907
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20015917
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 20015929
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 20015936
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,TypeLib,00000000,2001EA34,00000000,0002001F,00000000,?,?), ref: 20015959
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20015975
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 20015984
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 2001598D
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,Version,00000000,2001EA38,00000000,000F003F,00000000,?,?), ref: 200159B0
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,2001E1EC,00000000), ref: 200159C2
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,2001E1EC,00000000), ref: 200159D0
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?,?,00000000,2001E1EC,00000000), ref: 200159E7
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 200159F8
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015A15
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20015A25
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 20015A39
                                                                                                                                                                    • CoCreateInstance.OLE32(2000E578,00000000,00000001,2000E588,?), ref: 20015A4B
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 20015A79
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 20015A7E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Create$Close$Valuelstrlenwsprintf$lstrcpy$lstrcat$FileInstanceModuleName
                                                                                                                                                                    • String ID: %ld.%ld$%s Object$%s Object$%s.%s$%s.%s.%ld$%s.%s.%ld$CLSID$CLSID$CLSID\%s$CurVer$ProgID$TypeLib$Version$VersionIndependentProgID
                                                                                                                                                                    • API String ID: 2381929038-4118072355

                                                                                                                                                                    Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetObjectType.GDI32(?), ref: 2000304B
                                                                                                                                                                    • WindowFromDC.USER32(?), ref: 20003075
                                                                                                                                                                    • GetClipBox.GDI32(?,?), ref: 200030B3
                                                                                                                                                                    • InvalidateRect.USER32(?,?,00000000), ref: 200030CD
                                                                                                                                                                    • SetWindowOrgEx.GDI32(?,00000000,00000000,?), ref: 200030F4
                                                                                                                                                                    • SetViewportOrgEx.GDI32(?,?,?,?), ref: 20003108
                                                                                                                                                                    • CallWindowProcA.USER32(?,?,0000000F,?,00000000), ref: 20003124
                                                                                                                                                                    • ValidateRect.USER32(?,?), ref: 20003134
                                                                                                                                                                    • SetMapMode.GDI32(?,00000008), ref: 20003164
                                                                                                                                                                    • SetWindowExtEx.GDI32(?,?,?,?), ref: 2000317A
                                                                                                                                                                    • SetViewportExtEx.GDI32(?,?,?,?), ref: 20003194
                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 2000BB18
                                                                                                                                                                    • SetMapMode.GDI32(?,?), ref: 2000BB29
                                                                                                                                                                    • SetWindowOrgEx.GDI32(?,?,?,00000000), ref: 2000BB39
                                                                                                                                                                    • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 2000BB45
                                                                                                                                                                    • SetWindowOrgEx.GDI32(?,?,?,00000000), ref: 2000BB51
                                                                                                                                                                    • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 2000BB5D
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 2000BBA2
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 2000BBB4
                                                                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 2000BBBE
                                                                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 2000BBC8
                                                                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 2000BBD2
                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 2000BBDD
                                                                                                                                                                    • SetMapMode.GDI32(?,00000008), ref: 2000BC47
                                                                                                                                                                    • SetWindowExtEx.GDI32(?,?,?,00000000), ref: 2000BC57
                                                                                                                                                                    • SetWindowOrgEx.GDI32(?,00000000,00000000,00000000), ref: 2000BC63
                                                                                                                                                                    • SetViewportExtEx.GDI32(?,?,?,00000000), ref: 2000BC7D
                                                                                                                                                                    • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 2000BC8D
                                                                                                                                                                    • SetRect.USER32(?,00000000,00000000,?,?), ref: 2000BCA1
                                                                                                                                                                    • GetSysColor.USER32(?), ref: 2000BD36
                                                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 2000BD3D
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 2000BD47
                                                                                                                                                                    • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 2000BD5C
                                                                                                                                                                    • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 2000BD6E
                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 2000BD76
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 2000BD79
                                                                                                                                                                    • GetSysColor.USER32(00000004), ref: 2000BD84
                                                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 2000BD8B
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 2000BD95
                                                                                                                                                                    • PatBlt.GDI32(?,?,?,?,00000000,00F00021), ref: 2000BDAA
                                                                                                                                                                    • PatBlt.GDI32(?,?,?,00000000,?,00F00021), ref: 2000BDBC
                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 2000BDC4
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 2000BDC7
                                                                                                                                                                    • InflateRect.USER32(?,00000000,00000000), ref: 2000BDD7
                                                                                                                                                                    • StretchBlt.GDI32(?,?,?,?,00000004,?,00000000,00000000,?,?,00CC0020), ref: 2000BE4B
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 2000BE55
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 2000BE58
                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 2000BE5F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Object$Window$Viewport$RectSelect$CapsDeleteDevice$Mode$BrushColorCreateSolid$CallClientClipFromInflateInvalidateProcReleaseStretchTypeValidate
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2959780622-0

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetObjectType.GDI32(?), ref: 2000E86A
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 2000E8B6
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,0000000B), ref: 2000E8C8
                                                                                                                                                                    • CreateICA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 2000E8E5
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 2000E906
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 2000E90E
                                                                                                                                                                      • Part of subcall function 20006F89: SendMessageA.USER32(?,00000434,00000000,20006DDE), ref: 20006FA4
                                                                                                                                                                    • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 2000E940
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000006E), ref: 2000E952
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000006F), ref: 2000E96C
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000070), ref: 2000E974
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000071), ref: 2000E97C
                                                                                                                                                                    • DPtoLP.GDI32(?,?,0000000A), ref: 2000EA1F
                                                                                                                                                                    • DPtoLP.GDI32(?,?,00000002), ref: 2000EA28
                                                                                                                                                                    • StartDocA.GDI32(?,?), ref: 2000EA50
                                                                                                                                                                    • StartPage.GDI32(?), ref: 2000EA57
                                                                                                                                                                    • SendMessageA.USER32(?,00000439,00000000,00000000), ref: 2000EA6B
                                                                                                                                                                    • SendMessageA.USER32(?,00000439,00000001,?), ref: 2000EA9E
                                                                                                                                                                    • EndPage.GDI32(?), ref: 2000EABA
                                                                                                                                                                    • StartPage.GDI32(?), ref: 2000EAC3
                                                                                                                                                                    • EndDoc.GDI32(?), ref: 2000EADE
                                                                                                                                                                    • SendMessageA.USER32(?,00000439,00000000,00000000), ref: 2000EAED
                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 2000EAFC
                                                                                                                                                                    • GetMapMode.GDI32(00000000), ref: 2000EB18
                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 2000EB26
                                                                                                                                                                    • SetMapMode.GDI32(00000000,00000001), ref: 2000EB32
                                                                                                                                                                    • SetViewportOrgEx.GDI32(?,00000000,00000000,00000000), ref: 2000EB3E
                                                                                                                                                                    • SetWindowOrgEx.GDI32(?,00000000,00000000,00000000), ref: 2000EB4A
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 2000EB53
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 2000EB5B
                                                                                                                                                                    • EndPage.GDI32(?), ref: 2000EB86
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CapsDevice$MessageSend$Page$Start$CreateModeTypeVariant$ChangeCompatibleDeleteInitObjectViewportWindow
                                                                                                                                                                    • String ID: DISPLAY$RICHTEXT$p=<u
                                                                                                                                                                    • API String ID: 1612919685-2288875380

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 20015564: lstrcpyA.KERNEL32(?,?,?,00000000,2001E1EC,00000000), ref: 200155A4
                                                                                                                                                                      • Part of subcall function 20015564: lstrcatA.KERNEL32(?,2001E7DC,?,00000000,2001E1EC,00000000), ref: 200155B8
                                                                                                                                                                      • Part of subcall function 20015564: lstrcatA.KERNEL32(?,?,?,00000000,2001E1EC,00000000), ref: 200155C4
                                                                                                                                                                      • Part of subcall function 20015564: RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA14,00000000,0002001F,00000000,?,?,?,00000000,2001E1EC,00000000), ref: 200155E7
                                                                                                                                                                      • Part of subcall function 20015564: wsprintfA.USER32 ref: 2001560D
                                                                                                                                                                      • Part of subcall function 20015564: lstrlenA.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 20015623
                                                                                                                                                                      • Part of subcall function 20015564: RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001,?,?,?,?,?,?,00000000), ref: 2001563B
                                                                                                                                                                      • Part of subcall function 20015564: RegCreateKeyExA.ADVAPI32(?,CLSID,00000000,2001EA18,00000000,0002001F,00000000,?,?,?,?,?,?,?,?,00000000), ref: 20015662
                                                                                                                                                                      • Part of subcall function 20015564: lstrlenA.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 2001568A
                                                                                                                                                                      • Part of subcall function 2001537A: wsprintfA.USER32 ref: 200153BB
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015AE0
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000000,?,00000000,000F003F,?,?,?,?,?,?,?,?,?,?,00000001,2001E1EC), ref: 20015B00
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,Control,00000000,2001EA3C,00000000,000F003F,00000000,00000001,?), ref: 20015B2F
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000001,?,?,?,?,?,?,?,?,?,00000001,2001E1EC,00000000), ref: 20015B43
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,MiscStatus,00000000,2001EA40,00000000,000F003F,00000000,00000001,?), ref: 20015B65
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(00000001,00000000,00000000,00000001,?,00000002,?,?,?,?,?,?,?,?,?,00000001), ref: 20015B99
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000001,2001E898,00000000,2001EA44,00000000,000F003F,00000000,?,?), ref: 20015BBF
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015BDF
                                                                                                                                                                    • lstrlenA.KERNEL32(00000030,?,?,?,?,?,?,?,?,?,?,?,?,00000001,2001E1EC,00000000), ref: 20015BEF
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000030,00000001), ref: 20015C05
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,2001E1EC,00000000), ref: 20015C0D
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000001,2001E1EC,00000000), ref: 20015C1F
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000030,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000001,2001E1EC), ref: 20015C43
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015C57
                                                                                                                                                                    • lstrcatA.KERNEL32(00000030,?), ref: 20015C6B
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,ToolboxBitmap32,00000000,2001EA48,00000000,000F003F,00000000,00000001,?), ref: 20015C8A
                                                                                                                                                                    • lstrlenA.KERNEL32(00000030), ref: 20015CA2
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(00000001,00000000,00000000,00000001,00000030,00000001), ref: 20015CB8
                                                                                                                                                                    • CoCreateInstance.OLE32(2000E578,00000000,00000001,2000E588,000000FF), ref: 20015CD6
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000001,2001E1EC,00000000), ref: 20015D8F
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000001,?,?,?,?,?,?,?,?,?,00000001,2001E1EC,00000000), ref: 20015D9D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Create$Closewsprintf$Valuelstrlen$lstrcat$FileInstanceModuleNameOpenlstrcpy
                                                                                                                                                                    • String ID: , %d$0$CLSID\%s$Control$MiscStatus$ToolboxBitmap32
                                                                                                                                                                    • API String ID: 3244952227-1215078984
                                                                                                                                                                    • Opcode ID: 9f932ddb19a377ff10c2737d06f2d770d94e5b53cfa9e8c36b73d4c7f5e697c4
                                                                                                                                                                    • Instruction ID: 2725d4cbadd2772c653f86fb394fabc3dab3d0709e7cdb07b828d73f99dbe293
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f932ddb19a377ff10c2737d06f2d770d94e5b53cfa9e8c36b73d4c7f5e697c4
                                                                                                                                                                    • Instruction Fuzzy Hash: 48A1C3B1801148EFEB11DF90CDC8EEEBBBAFB08349F54016AFA05E6110D7759E949B60

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDlgItem.USER32(?,00000838), ref: 20011F24
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20011F2D
                                                                                                                                                                    • IsDlgButtonChecked.USER32(?,0000083E), ref: 20011F3A
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083A), ref: 20011F56
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20011F59
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083A), ref: 20011F6D
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20011F70
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 20011F8E
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20011F91
                                                                                                                                                                    • GetDlgItem.USER32(?,00000843), ref: 20011FA5
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20011FA8
                                                                                                                                                                    • IsBadWritePtr.KERNEL32(?,00000004), ref: 2001205B
                                                                                                                                                                    • CheckDlgButton.USER32(?,0000083E,00000000), ref: 200120C9
                                                                                                                                                                    • GetDlgItem.USER32(?,00000843), ref: 20012102
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 2001210B
                                                                                                                                                                    • GetDlgItem.USER32(?,00000838), ref: 2001212B
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 2001212E
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083A), ref: 20012157
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 2001215A
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083A), ref: 2001216F
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20012172
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ItemMessageSend$Button$CheckCheckedWrite
                                                                                                                                                                    • String ID: c
                                                                                                                                                                    • API String ID: 3030633031-112844655
                                                                                                                                                                    • Opcode ID: a124c8c5e750b0959b875ce939f53d63b3f0bb819126a89b92cd9aba63df531f
                                                                                                                                                                    • Instruction ID: bb443aae52fc7f92ea2a4a9161405397ce11917f84fa39df2debbfcc57b6adbb
                                                                                                                                                                    • Opcode Fuzzy Hash: a124c8c5e750b0959b875ce939f53d63b3f0bb819126a89b92cd9aba63df531f
                                                                                                                                                                    • Instruction Fuzzy Hash: F2A15F75900209BFEB009FA4CC88EAE7BA9FF98754F008425FA45DB1A1CB759E91DF50

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200137EA
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000003), ref: 20013800
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000008), ref: 2001387C
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 20013888
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 200138AE
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 200138C1
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 200138E6
                                                                                                                                                                    • wsprintfA.USER32 ref: 20013912
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20013922
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 20013927
                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,00000000), ref: 2001393F
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,OLEOBJECT: ), ref: 20013947
                                                                                                                                                                    • lstrcpyA.KERNEL32(?), ref: 2001394D
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?), ref: 20013953
                                                                                                                                                                    • lstrcpyA.KERNEL32(?), ref: 2001395D
                                                                                                                                                                    • FindAtomA.KERNEL32(?), ref: 20013967
                                                                                                                                                                    • AddAtomA.KERNEL32(?), ref: 2001397F
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 200139CB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen$Variant$lstrcpy$AtomChangeFreeHeapType$ByteCharClearFindInitMultiWidewsprintf
                                                                                                                                                                    • String ID: }$%#8.8X$OLEOBJECT: $p=<u
                                                                                                                                                                    • API String ID: 2865264081-1722404901
                                                                                                                                                                    • Opcode ID: c56b5c159eae9eb7aa9b923410dc0c440aff61b4e1916ffac59f37415784f946
                                                                                                                                                                    • Instruction ID: b1acf0e99202420ab38b7756a713b0342d2ffeebab83ac8c9c3f216bbfd8d28d
                                                                                                                                                                    • Opcode Fuzzy Hash: c56b5c159eae9eb7aa9b923410dc0c440aff61b4e1916ffac59f37415784f946
                                                                                                                                                                    • Instruction Fuzzy Hash: 9C61F67190425AEFEF119FE0CC84BAEBBB9FF04354F20846AF545A7251CB789A80DB51

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 20016352: wsprintfA.USER32 ref: 20016385
                                                                                                                                                                      • Part of subcall function 20016352: RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA5C,00000000,00020019,00000000,2001E1EC,2001E1EC), ref: 200163B2
                                                                                                                                                                      • Part of subcall function 20016352: RegOpenKeyExA.ADVAPI32(2001E1EC,Implemented Categories,00000000,000F003F,00000000), ref: 200163CF
                                                                                                                                                                      • Part of subcall function 20016352: RegCloseKey.ADVAPI32(2001E1EC), ref: 200163E0
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001541D
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA0C,00000000,0002001F,00000000,?,?), ref: 20015449
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001546B
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20015477
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 20015493
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,InprocServer32,00000000,2001EA10,00000000,0002001F,00000000,?,?), ref: 200154B6
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104), ref: 200154CE
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 200154E8
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,ThreadingModel,00000000,00000001,Apartment,0000000A), ref: 20015505
                                                                                                                                                                      • Part of subcall function 20015DB0: RegOpenKeyExA.ADVAPI32(80000000,CLSID,00000000,000F003F,00000000,00000000), ref: 20015DF1
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,00000000,2001E1EC,00000000), ref: 20015519
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,00000000,2001E1EC,00000000), ref: 20015523
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 20015536
                                                                                                                                                                    • RegDeleteValueA.ADVAPI32(?,ThreadingModel), ref: 20015549
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 20015558
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 2001555D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$Value$Createwsprintf$Open$DeleteFileModuleNamelstrcpylstrlen
                                                                                                                                                                    • String ID: %s Object$Apartment$CLSID\%s$InprocServer32$ThreadingModel$ThreadingModel
                                                                                                                                                                    • API String ID: 3058780029-2040427102
                                                                                                                                                                    • Opcode ID: a21946882d4259e0f8f032b6901de004a8b1c0a13dfb55f25bcc9bff9222e508
                                                                                                                                                                    • Instruction ID: 3ded526f2f875a19ef512bee60f00a5797fd72000bcf668b7ca85bdf10ad048a
                                                                                                                                                                    • Opcode Fuzzy Hash: a21946882d4259e0f8f032b6901de004a8b1c0a13dfb55f25bcc9bff9222e508
                                                                                                                                                                    • Instruction Fuzzy Hash: 5B410671905628FBFB22AB90DC84EDEBB6AEF04765F100462F605E6091D6709FD4EB90

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,?,20019626,?,?,?,?,2001BCB4,?,4589C73B,?,?,20019626,?,20019E2A), ref: 2001B984
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,?,2001BCB4,?,4589C73B,?,?,20019626,?,20019E2A,?,?,00000000), ref: 2001B998
                                                                                                                                                                    • GetObjectA.GDI32(?,00000018,?), ref: 2001B9B6
                                                                                                                                                                    • GetObjectA.GDI32(20019626,00000004,?), ref: 2001B9F3
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?), ref: 2001BA62
                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 2001BA72
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000000,-000003D8), ref: 2001BA86
                                                                                                                                                                    • GlobalFree.KERNEL32(20019626), ref: 2001BA92
                                                                                                                                                                      • Part of subcall function 2001B904: GetDC.USER32(00000000), ref: 2001B911
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,0000000E), ref: 2001B922
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,00000068), ref: 2001B92C
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,0000000C), ref: 2001B936
                                                                                                                                                                      • Part of subcall function 2001B904: GetStockObject.GDI32(0000000F), ref: 2001B959
                                                                                                                                                                      • Part of subcall function 2001B904: ReleaseDC.USER32(00000000,00000000), ref: 2001B967
                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 2001BAA0
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 2001BAB0
                                                                                                                                                                    • SelectPalette.GDI32(00000000,20019626,00000001), ref: 2001BAC6
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 2001BAD0
                                                                                                                                                                    • GetDIBits.GDI32(00000000,?,00000000,?,?,?,00000000), ref: 2001BAF8
                                                                                                                                                                    • SelectPalette.GDI32(00000000,20019626,00000001), ref: 2001BB17
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 2001BB22
                                                                                                                                                                    • GetPaletteEntries.GDI32(20019626,00000000,?,?), ref: 2001BB85
                                                                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 2001BBAB
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 2001BBB4
                                                                                                                                                                    • GlobalUnlock.KERNEL32(20019626), ref: 2001BBBD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$Palette$CapsDeviceObject$AllocCriticalFreeLockReleaseSectionSelectUnlock$BitsEnterEntriesLeaveRealizeStock
                                                                                                                                                                    • String ID: (
                                                                                                                                                                    • API String ID: 3361357538-3887548279
                                                                                                                                                                    • Opcode ID: 7c5b272e0b32cd6316d2a48d99735d0e8319f10cb7f938d0c02484aa7293be99
                                                                                                                                                                    • Instruction ID: fe8387f3687adbb7a0f40fc4a80f0ddb2afd9895f88113c99bff1251348511e5
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c5b272e0b32cd6316d2a48d99735d0e8319f10cb7f938d0c02484aa7293be99
                                                                                                                                                                    • Instruction Fuzzy Hash: 97811571C04619EBEB01DFE9C8849EEFBB6FF48311B10806AEA55A7250D7749E81EF50

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 20016C5A
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,?), ref: 20016C94
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,?,?,?,?), ref: 20016CBF
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,?), ref: 20016CCD
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,?,?,?,?), ref: 20016CF4
                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,?), ref: 20016D02
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002,?,?,?), ref: 20016D24
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000020,00000000,00000000,?,?,?), ref: 20016D4A
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000020,00000000,00000000,?,?,?), ref: 20016D72
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$lstrlen$Create
                                                                                                                                                                    • String ID: DISPLAY
                                                                                                                                                                    • API String ID: 1073769473-865373369
                                                                                                                                                                    • Opcode ID: dfb82bf2437560b042ae91c8172a58f0a540b7e6bb0dc9ebeabf45d6c9f63181
                                                                                                                                                                    • Instruction ID: 08ae11811b817ff8a53ed7484cc562e3bba83a3a1203a2b8a1efbf7b1de36ecc
                                                                                                                                                                    • Opcode Fuzzy Hash: dfb82bf2437560b042ae91c8172a58f0a540b7e6bb0dc9ebeabf45d6c9f63181
                                                                                                                                                                    • Instruction Fuzzy Hash: AB81F87680412DAFEF218BE4CD84FEEBBF9FB08344F1041A9E60966161D6755E81EF60

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 20016448: lstrlenA.KERNEL32(?,?,20017325,?), ref: 2001644E
                                                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,CHM), ref: 2001733D
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 20017361
                                                                                                                                                                      • Part of subcall function 20017BB5: SysFreeString.OLEAUT32(00000000), ref: 20017C12
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 20017399
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,?), ref: 200173C4
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 200173D7
                                                                                                                                                                    • lstrcatA.KERNEL32(?,2001E9F4), ref: 200173EB
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 20017401
                                                                                                                                                                      • Part of subcall function 20017E2B: LoadLibraryA.KERNEL32(?,?,?), ref: 20017E64
                                                                                                                                                                      • Part of subcall function 20017E2B: LoadLibraryA.KERNEL32(hhctrl.ocx,?,?), ref: 20017E7A
                                                                                                                                                                      • Part of subcall function 20017E2B: GetProcAddress.KERNEL32(00000000,0000000E), ref: 20017E94
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 2001743F
                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,HLP), ref: 20017465
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 2001746E
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 20017494
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 200174A7
                                                                                                                                                                    • lstrcatA.KERNEL32(?,2001E9FC), ref: 200174BF
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 200174D5
                                                                                                                                                                    • lstrcatA.KERNEL32(?,>LangRef), ref: 200174E3
                                                                                                                                                                    • WinHelpA.USER32(?,?,00000001,?), ref: 200174FE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$lstrcpylstrlen$ByteCharFreeLibraryLoadMultiWidelstrcmpi$AddressHeapHelpProcString
                                                                                                                                                                    • String ID: >LangRef$CHM$HLP
                                                                                                                                                                    • API String ID: 1640128389-512681488
                                                                                                                                                                    • Opcode ID: ed5bb1b7c07f652c84f3d0bb1bb3efd1ab470b52c82e74200c8a59443016431b
                                                                                                                                                                    • Instruction ID: a11defacc0ab2f8c5b16f3f7e6ce15cd9313d3ea50a51e1610f64f61c43cefee
                                                                                                                                                                    • Opcode Fuzzy Hash: ed5bb1b7c07f652c84f3d0bb1bb3efd1ab470b52c82e74200c8a59443016431b
                                                                                                                                                                    • Instruction Fuzzy Hash: F251F37180455DAFEF119FA4CC84E8AFBB9FB08304F10C1A5F949E3160DB75AA95AF90
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200198DF
                                                                                                                                                                    • OleCreatePictureIndirect.OLEAUT32(00000014,20006470,00000001,?), ref: 20019952
                                                                                                                                                                    • CreateBitmap.GDI32(00000001,00000001,00000000), ref: 20019976
                                                                                                                                                                    • OleCreatePictureIndirect.OLEAUT32(00000014,20006470,00000001,?), ref: 2001999D
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 200199AB
                                                                                                                                                                    • OleCreatePictureIndirect.OLEAUT32(00000014,20006470,00000001,?), ref: 20019A4C
                                                                                                                                                                    • ReleaseStgMedium.OLE32(?), ref: 20019A61
                                                                                                                                                                    • GlobalLock.KERNEL32(?), ref: 20019A8B
                                                                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 20019AA4
                                                                                                                                                                    • OleCreatePictureIndirect.OLEAUT32(00000014,20006470,00000001,?), ref: 20019AD9
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 20019AED
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 20019AFC
                                                                                                                                                                    • ReleaseStgMedium.OLE32(?), ref: 20019B06
                                                                                                                                                                    • GlobalLock.KERNEL32(?), ref: 20019B17
                                                                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 20019B63
                                                                                                                                                                    • OleCreatePictureIndirect.OLEAUT32(00000014,20006470,00000001,?), ref: 20019B86
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 20019B98
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Create$GlobalIndirectPicture$DeleteObject$LockMediumReleaseUnlock$BitmapFreeInitVariant
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 726213404-894760207
                                                                                                                                                                    • Opcode ID: 9643b52d6298a5db66eda00b1eba87b2e857d698a838adb3b24acf4fe628bd39
                                                                                                                                                                    • Instruction ID: d39c310cf82dcbc629f27e212a0a4bedba4cf8fd7c674621f878e4bebbe65486
                                                                                                                                                                    • Opcode Fuzzy Hash: 9643b52d6298a5db66eda00b1eba87b2e857d698a838adb3b24acf4fe628bd39
                                                                                                                                                                    • Instruction Fuzzy Hash: 449107B1D04209AFEB00CFD9C888AEEBBF9FB48714F108069F905E6250D7789A85DF50
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 2000936F
                                                                                                                                                                      • Part of subcall function 2000963A: SysStringLen.OLEAUT32(?), ref: 20009654
                                                                                                                                                                      • Part of subcall function 2000963A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,2000938E,?,?,00000000), ref: 2000966D
                                                                                                                                                                      • Part of subcall function 2000963A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,2000938E,?,?,00000000), ref: 20009699
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 2000939D
                                                                                                                                                                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 200093EE
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,0000000B), ref: 2000940B
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,0000000B), ref: 20009429
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001), ref: 2000952B
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 20009531
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 2000954C
                                                                                                                                                                    • SysFreeString.OLEAUT32(0000000A), ref: 20009592
                                                                                                                                                                    • SysFreeString.OLEAUT32(0000000A), ref: 200095AB
                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?,00000001), ref: 200095BC
                                                                                                                                                                    • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 20009604
                                                                                                                                                                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 20009611
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$ByteCharMultiWide$FreeMessageSendVariant$ChangeType$AllocInitTask
                                                                                                                                                                    • String ID: P?<u`<u$p=<u
                                                                                                                                                                    • API String ID: 2248001863-3712764378
                                                                                                                                                                    • Opcode ID: 2615569c6963e8b67c57c073de09170376d615c321884dc7738ab14aab7910df
                                                                                                                                                                    • Instruction ID: 1678bf9eec4643032b71acc2ca702ee503bfde4322225f2c79c02f9382fb2e73
                                                                                                                                                                    • Opcode Fuzzy Hash: 2615569c6963e8b67c57c073de09170376d615c321884dc7738ab14aab7910df
                                                                                                                                                                    • Instruction Fuzzy Hash: 8DA14370D05619EBFF128FE5CC84AEEBBBAEF18751F204426F511A6241D7358A81DBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetErrorInfo.OLEAUT32(00000000,?,00000000,75BFB660,?), ref: 20012386
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 200123E2
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 200123F9
                                                                                                                                                                    • LoadStringA.USER32(00000000,00000000,000007D3,?), ref: 2001241B
                                                                                                                                                                    • LoadStringA.USER32(00000000,00000000,00000DAC,?), ref: 20012437
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001244D
                                                                                                                                                                    • MessageBeep.USER32(00000030), ref: 20012458
                                                                                                                                                                    • MessageBoxA.USER32(00000000,?,?,00002030), ref: 20012472
                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000834,000000B1,00000000,00010000), ref: 20012493
                                                                                                                                                                    • GetDlgItem.USER32(?,00000834), ref: 2001249F
                                                                                                                                                                    • PostMessageA.USER32(?,00000028,00000000), ref: 200124A9
                                                                                                                                                                    • SysFreeString.OLEAUT32(80004004), ref: 200124BD
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 200124C7
                                                                                                                                                                    • LoadStringA.USER32(00000000,00000000,00000007,?), ref: 20012502
                                                                                                                                                                    • LoadStringA.USER32(00000000,00000000,00000DAD,?), ref: 2001252F
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001255C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$LoadMessage$ByteCharFreeItemMultiWidewsprintf$BeepErrorInfoPostSend
                                                                                                                                                                    • String ID: `<u
                                                                                                                                                                    • API String ID: 2111468693-3367579956
                                                                                                                                                                    • Opcode ID: f18651265ade381171b595587ff287862dc1dae97ce6dc02848f5b703241cf03
                                                                                                                                                                    • Instruction ID: 59d12c36aecd3c098d471a1ddc544badf85dd1c78772b359be32725f15e40dad
                                                                                                                                                                    • Opcode Fuzzy Hash: f18651265ade381171b595587ff287862dc1dae97ce6dc02848f5b703241cf03
                                                                                                                                                                    • Instruction Fuzzy Hash: CA511A72801258BFEB119FD4CC84EEEBBBDEF09310F1085A5F619A6051D7389E949FA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadMenuA.USER32(00000000,00000000), ref: 20012B72
                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 20012B7D
                                                                                                                                                                    • RemoveMenu.USER32(00000000,00000000,00000400), ref: 20012B8E
                                                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 20012B95
                                                                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 20012BC5
                                                                                                                                                                    • #1.OLEDLG(?,00000000,00000000,-00000001), ref: 20012BD3
                                                                                                                                                                    • EnableMenuItem.USER32(00000000,00000835,00000000), ref: 20012BF1
                                                                                                                                                                    • EnableMenuItem.USER32(00000000,00000834,00000000), ref: 20012C0A
                                                                                                                                                                    • EnableMenuItem.USER32(00000000,00000837,00000000), ref: 20012C13
                                                                                                                                                                    • SendMessageA.USER32(?,00000432,00000000,00000000), ref: 20012C2D
                                                                                                                                                                    • EnableMenuItem.USER32(00000000,00000836,00000001), ref: 20012C3B
                                                                                                                                                                    • SendMessageA.USER32(?,000000C6,00000000,00000000), ref: 20012C4F
                                                                                                                                                                    • EnableMenuItem.USER32(00000000,00000838,00000001), ref: 20012C5D
                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 20012C64
                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000002,00000002,00000002,00000000,?,00000000), ref: 20012C82
                                                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 20012C89
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Menu$Item$Enable$DestroyMessageSend$CountCursorLoadPopupRemoveTrack
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4015572070-0
                                                                                                                                                                    • Opcode ID: 5e28b528c6a62d42467105a03257fd6af4e0c3f3c2334f074340d82caa8dec88
                                                                                                                                                                    • Instruction ID: 59176d5d13c2915c6df60c489438ef956fb958baac75b4e18c3ec97519028f4d
                                                                                                                                                                    • Opcode Fuzzy Hash: 5e28b528c6a62d42467105a03257fd6af4e0c3f3c2334f074340d82caa8dec88
                                                                                                                                                                    • Instruction Fuzzy Hash: 84414131249744BFF3219B90CC49FEB76A9FF89B44F004124F744AA0D1D7A89E41DBA5
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018), ref: 2000F4CD
                                                                                                                                                                    • LoadRegTypeLib.OLEAUT32(00000001,00000002,?,?), ref: 2000F4F4
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018), ref: 2000F4FE
                                                                                                                                                                    • CoTaskMemAlloc.OLE32(?), ref: 2000F562
                                                                                                                                                                    • CoTaskMemAlloc.OLE32(?), ref: 2000F57A
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 2000F5CD
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 2000F5F3
                                                                                                                                                                    • wsprintfA.USER32 ref: 2000F614
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,2001E040,?,?,20010041,?,00000000), ref: 200076CA
                                                                                                                                                                      • Part of subcall function 200076B0: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 200076EB
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,20010041,?,00000000), ref: 20007704
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 2000F650
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 2000F685
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 2000F6EE
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 2000F717
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 2000F725
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 2000F73C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Free$Task$AllocByteCharMultiWide$CriticalHeapSectionString$EnterLeaveLoadTypelstrlenwsprintf
                                                                                                                                                                    • String ID: %ld - %s$`<u
                                                                                                                                                                    • API String ID: 1326458076-3064458049
                                                                                                                                                                    • Opcode ID: bfc11ea4a6ca971b1e57182026d0974b8bec548e18b2dfe5ea69c8c67efbf0a8
                                                                                                                                                                    • Instruction ID: 9f4945b9dcd97e7bd6c8eee2cf759bda23aef89162ca4b6d7e9bc050d53a352d
                                                                                                                                                                    • Opcode Fuzzy Hash: bfc11ea4a6ca971b1e57182026d0974b8bec548e18b2dfe5ea69c8c67efbf0a8
                                                                                                                                                                    • Instruction Fuzzy Hash: 9BA11A74900205EFEB11CF98C984DAABBFAFF88700B208599F949DB221D775DD81EB50
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 200097E0
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 20009806
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 2000982B
                                                                                                                                                                    • SendMessageA.USER32(0000000A,00000438,?,0000000A), ref: 20009899
                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 200098B1
                                                                                                                                                                    • SendMessageA.USER32(0000000A,000000B7,00000000,00000000), ref: 200098D9
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,00000003), ref: 2000992E
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 20009942
                                                                                                                                                                      • Part of subcall function 20006F89: SendMessageA.USER32(?,00000434,00000000,20006DDE), ref: 20006FA4
                                                                                                                                                                    • VariantChangeType.OLEAUT32(0000000A,0000000A,00000000,00000003), ref: 20009958
                                                                                                                                                                    • VariantClear.OLEAUT32(0000000A), ref: 2000996C
                                                                                                                                                                    • VariantChangeType.OLEAUT32(0000000A,0000000A,00000000,00000002), ref: 20009982
                                                                                                                                                                    • VariantClear.OLEAUT32(0000000A), ref: 200099B1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ChangeClearMessageSendType$lstrlen$ByteCharInitMultiWide
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 2883324902-894760207
                                                                                                                                                                    • Opcode ID: 1d8f2a457dd582f210d42fcde74738d4c94f5a5027735d6d56dab5d3fe5e8d91
                                                                                                                                                                    • Instruction ID: 2825497ca0645715236b6c2f5e2586fad7caae4543af05190a462d1de60b4adc
                                                                                                                                                                    • Opcode Fuzzy Hash: 1d8f2a457dd582f210d42fcde74738d4c94f5a5027735d6d56dab5d3fe5e8d91
                                                                                                                                                                    • Instruction Fuzzy Hash: 43715A30900249EBFF11DFE4CC88FDEBBBABB49314F104559F645A2191DB799A84CB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000ED93
                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00000005,?,00000000,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000EDDA
                                                                                                                                                                    • lstrcmpiA.KERNEL32({\rtf,?), ref: 2000EDF1
                                                                                                                                                                    • SetFilePointer.KERNEL32(00000002,00000000,00000000,00000000,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000EE05
                                                                                                                                                                    • SendMessageA.USER32(?,00000449,00000002,?), ref: 2000EE49
                                                                                                                                                                    • SetFilePointer.KERNEL32(00000002,00000000,00000000,00000000,?,00000000), ref: 2000EE60
                                                                                                                                                                    • SendMessageA.USER32(?,000000B9,00000000,00000000), ref: 2000EE8B
                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000EE99
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000EEA2
                                                                                                                                                                    • CoTaskMemAlloc.OLE32(00000001,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000EEAA
                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,?,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000EEBE
                                                                                                                                                                    • SendMessageA.USER32(?,00002111,04000000,?), ref: 2000EEFE
                                                                                                                                                                    • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 2000EF0D
                                                                                                                                                                    • CloseHandle.KERNEL32(000000FF,?,00000000,?,?,2000C2B5,?,00000002,00000000), ref: 2000EF2E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileMessageSend$PointerTask$AllocCloseCreateFreeHandleReadlstrcmpilstrcpylstrlen
                                                                                                                                                                    • String ID: {\rtf
                                                                                                                                                                    • API String ID: 1276694697-1896632952
                                                                                                                                                                    • Opcode ID: b8bc61c68ededd69d198307789016cc783fe5df1e90d5dec2ea544f3a2af7ae9
                                                                                                                                                                    • Instruction ID: 812c14c2a1ab0c22e44044a392b5a6054a4cd5ed38c592129fe1d950328c535c
                                                                                                                                                                    • Opcode Fuzzy Hash: b8bc61c68ededd69d198307789016cc783fe5df1e90d5dec2ea544f3a2af7ae9
                                                                                                                                                                    • Instruction Fuzzy Hash: D7516D70914289AFFB109FA4CC85FEE77EAFB04344F10852AF669A6190C7789E41DF51
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.MSVCRT ref: 10003B80
                                                                                                                                                                    • crc32.ZLIB1(00000000,00000000,00000000), ref: 10003BC2
                                                                                                                                                                    • malloc.MSVCRT ref: 10003BEB
                                                                                                                                                                    • deflateInit2_.ZLIB1(00000000,?,00000008,000000F1,00000008,?,1.2.1,00000038), ref: 10003C9E
                                                                                                                                                                    • malloc.MSVCRT ref: 10003CAA
                                                                                                                                                                    • malloc.MSVCRT ref: 10003CD5
                                                                                                                                                                    • inflateInit2_.ZLIB1(00000000,000000F1,1.2.1,00000038), ref: 10003CEA
                                                                                                                                                                    • _errno.MSVCRT ref: 10003D02
                                                                                                                                                                    • fopen.MSVCRT ref: 10003D1C
                                                                                                                                                                    • _fdopen.MSVCRT ref: 10003D25
                                                                                                                                                                    • fprintf.MSVCRT ref: 10003D52
                                                                                                                                                                      • Part of subcall function 10003390: _errno.MSVCRT ref: 100033A9
                                                                                                                                                                      • Part of subcall function 10003390: fread.MSVCRT ref: 100033CB
                                                                                                                                                                    • ftell.MSVCRT ref: 10003D77
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_10000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc$Init2__errno$_fdopencrc32deflatefopenfprintffreadftellinflate
                                                                                                                                                                    • String ID: %c%c%c%c%c%c%c%c%c%c$1.2.1
                                                                                                                                                                    • API String ID: 7721421-2024128119
                                                                                                                                                                    • Opcode ID: 8f38c52c92f165520be27d92146615b77909dfc45fa99b6505e55566bde6f66e
                                                                                                                                                                    • Instruction ID: fbb798f071c3474e35930142f80b3be736413dc0217914225861a852fe92b6df
                                                                                                                                                                    • Opcode Fuzzy Hash: 8f38c52c92f165520be27d92146615b77909dfc45fa99b6505e55566bde6f66e
                                                                                                                                                                    • Instruction Fuzzy Hash: 1C7104709447858FF321CF298884A5BBBE8FB453D0F408D2EE5CAD3649D735A8498B52
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 20015DB0: RegOpenKeyExA.ADVAPI32(80000000,CLSID,00000000,000F003F,00000000,00000000), ref: 20015DF1
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015E96
                                                                                                                                                                      • Part of subcall function 20015FC2: RegOpenKeyExA.ADVAPI32(00000000,20015E3D,00000000,000F003F,?,00000000), ref: 20015FDE
                                                                                                                                                                      • Part of subcall function 20016046: RegOpenKeyExA.ADVAPI32(80000000,2001EA50,00000000,000F003F,?,80000000,75BF8400,00000000), ref: 20016088
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015EE7
                                                                                                                                                                      • Part of subcall function 20015FC2: RegEnumKeyExA.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 20016007
                                                                                                                                                                      • Part of subcall function 20015FC2: RegCloseKey.ADVAPI32(?), ref: 20016029
                                                                                                                                                                      • Part of subcall function 20015FC2: RegDeleteKeyA.ADVAPI32(00000104,20015E3D), ref: 20016035
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015F29
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000000,?,00000000,000F003F,00000001), ref: 20015F41
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA4C,00000000,0002001F,00000000,00000001,?), ref: 20015F6A
                                                                                                                                                                    • wsprintfA.USER32 ref: 20015F87
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20015F93
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(00000001,00000000,00000000,00000001,?,00000001), ref: 20015FAB
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000001), ref: 20015FB4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Openwsprintf$Close$CreateDeleteEnumValuelstrlen
                                                                                                                                                                    • String ID: %s.%s$%s.%s.%ld$%s.%s.%ld$%s.%s\CurVer$RICHTEXT
                                                                                                                                                                    • API String ID: 563668886-1413781953
                                                                                                                                                                    • Opcode ID: 0caefecdf5492f46b8e8dc27f0825b9eccc13e0e5e53531ff46c32964add6208
                                                                                                                                                                    • Instruction ID: 69b1b1f3651592e957a9f21cf67e4ce32af83d1d0b3a711ac071570a7e338cf1
                                                                                                                                                                    • Opcode Fuzzy Hash: 0caefecdf5492f46b8e8dc27f0825b9eccc13e0e5e53531ff46c32964add6208
                                                                                                                                                                    • Instruction Fuzzy Hash: 294146B290010EBBFB059BD0DC86FEFB7ADEB04706F000076FA04E5091E6709E959B61
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,00000087,00000000,00000000), ref: 2001756B
                                                                                                                                                                    • SendMessageA.USER32(?,00000102,?,?), ref: 2001757E
                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 200175BC
                                                                                                                                                                    • IsChild.USER32(00000009,?), ref: 200175CC
                                                                                                                                                                    • SendMessageA.USER32(00000009,00000400,00000000,00000000), ref: 200175E6
                                                                                                                                                                    • GetDlgItem.USER32(00000009,?), ref: 200175FF
                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 2001760C
                                                                                                                                                                    • SendMessageA.USER32(00000009,00000028,00000000,00000001), ref: 2001761E
                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 20017626
                                                                                                                                                                    • IsChild.USER32(?), ref: 20017670
                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 2001767F
                                                                                                                                                                    • IsDialogMessageA.USER32(?,?), ref: 2001768B
                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 200176A3
                                                                                                                                                                    • GetNextDlgTabItem.USER32(00000009,00000000,00000000), ref: 200176B3
                                                                                                                                                                    • SendMessageA.USER32(00000009,00000028,00000000,00000001), ref: 200176C5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message$Send$State$ChildItemWindow$DialogEnabledNext
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4199717441-0
                                                                                                                                                                    • Opcode ID: d8396d52f737f1fdf3d4b55b95abb8e0c14708b83060fc4a8c3775e3cfdd9d5f
                                                                                                                                                                    • Instruction ID: a98dfb490557dcee13f0eec0024d847d28b47539fdac91ccab31140210d5da22
                                                                                                                                                                    • Opcode Fuzzy Hash: d8396d52f737f1fdf3d4b55b95abb8e0c14708b83060fc4a8c3775e3cfdd9d5f
                                                                                                                                                                    • Instruction Fuzzy Hash: E3419D34204B02ABFB105FA5CC85B9ABBFAEB15740F104438F659D65A1DBB5BCE1EB10
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadTypeLib.OLEAUT32(00000000,?), ref: 2001463B
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104), ref: 2001461E
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,2001E040,?,?,20010041,?,00000000), ref: 200076CA
                                                                                                                                                                      • Part of subcall function 200076B0: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 200076EB
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,20010041,?,00000000), ref: 20007704
                                                                                                                                                                    • lstrcatA.KERNEL32(?,2001E752), ref: 200146C7
                                                                                                                                                                    • lstrlenA.KERNEL32(00000003), ref: 200146F8
                                                                                                                                                                    • lstrlenA.KERNEL32(00000003), ref: 20014723
                                                                                                                                                                    • lstrcpynA.KERNEL32(?,00000001,00000001), ref: 20014737
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?), ref: 20014744
                                                                                                                                                                    • RegisterTypeLib.OLEAUT32(?,?,2001EA0A), ref: 200147D0
                                                                                                                                                                    • CoTaskMemFree.OLE32(000000FF), ref: 200147DF
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 200147F7
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharFileFreeMultiStringTypeWidelstrlen$AllocAttributesLoadModuleNameRegisterTasklstrcatlstrcpyn
                                                                                                                                                                    • String ID: RICHTEXT$`<u
                                                                                                                                                                    • API String ID: 4146329167-3264254870
                                                                                                                                                                    • Opcode ID: 391b307b01c48feba02dda8c1f5d36f57ebc2d71c78ec44578994cbbcde78b21
                                                                                                                                                                    • Instruction ID: e1d1c8a6cc29647697e8d2c16f39ed07768c8830cac3144e4e3d03635bceed74
                                                                                                                                                                    • Opcode Fuzzy Hash: 391b307b01c48feba02dda8c1f5d36f57ebc2d71c78ec44578994cbbcde78b21
                                                                                                                                                                    • Instruction Fuzzy Hash: 3F917672904105EFEB11CFD8C888EADFBBAFF48310B2041A9E644AB1B1D7759E90DB50
                                                                                                                                                                    APIs
                                                                                                                                                                    • PeekMessageA.USER32(?,?,00000000,00000000,00000002), ref: 20006E42
                                                                                                                                                                    • IsDBCSLeadByte.KERNEL32(?,?,?,00000000), ref: 20006E5C
                                                                                                                                                                    • RegisterWindowMessageA.USER32(WM_DBCS_TRAILBYTE,?,?,00000000), ref: 20006EBF
                                                                                                                                                                    • GetVersionExA.KERNEL32(?,?,?,00000000), ref: 20006EE0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Message$ByteLeadPeekRegisterVersionWindow
                                                                                                                                                                    • String ID: WM_DBCS_TRAILBYTE
                                                                                                                                                                    • API String ID: 3681678770-3501285823
                                                                                                                                                                    • Opcode ID: bd7c32ad68c536d687c8594314f9716c7d79953f7cf072dcd69e59532137ed88
                                                                                                                                                                    • Instruction ID: 3fe4d0e49625fc8edbe85aec91c2682a4f43ceccfc26299ec180a42d227aaaa7
                                                                                                                                                                    • Opcode Fuzzy Hash: bd7c32ad68c536d687c8594314f9716c7d79953f7cf072dcd69e59532137ed88
                                                                                                                                                                    • Instruction Fuzzy Hash: 4F612A35904259EBFF11CFD4CD45EEEBBBAEB08740F108066FA04A6160D7759E91EBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • IntersectRect.USER32(?,?,00000000), ref: 2000A031
                                                                                                                                                                    • EqualRect.USER32(?,?), ref: 2000A042
                                                                                                                                                                    • GetParent.USER32(?), ref: 2000A06F
                                                                                                                                                                    • ClientToScreen.USER32(00000000), ref: 2000A076
                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 2000A08B
                                                                                                                                                                    • OffsetRect.USER32(?,00000000,00000000), ref: 2000A0A1
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,00000000,00000000,?,00000014), ref: 2000A111
                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 2000A122
                                                                                                                                                                    • OffsetRect.USER32(?,00000000,00000000), ref: 2000A135
                                                                                                                                                                    • SetWindowRgn.USER32(?,00000000,00000001), ref: 2000A16D
                                                                                                                                                                    • OffsetRect.USER32(?,?,?), ref: 2000CAF6
                                                                                                                                                                    • CreateRectRgnIndirect.GDI32(?), ref: 2000CB0E
                                                                                                                                                                    • SetWindowRgn.USER32(?,00000000), ref: 2000CB16
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Rect$Window$Offset$ClientCreateEqualIndirectIntersectParentScreen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4164467354-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDeviceCaps.GDI32(?,00000002), ref: 20016955
                                                                                                                                                                    • SetWindowOrgEx.GDI32(?,?,?,00000000), ref: 200169DB
                                                                                                                                                                    • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 200169E9
                                                                                                                                                                    • SetWindowExtEx.GDI32(?,?,?,00000000), ref: 200169F7
                                                                                                                                                                    • SetViewportExtEx.GDI32(?,?,?,00000000), ref: 20016A05
                                                                                                                                                                    • SetMapMode.GDI32(?,?), ref: 20016A0F
                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 20016A1E
                                                                                                                                                                    • LPtoDP.GDI32(?,?,00000002), ref: 20016A43
                                                                                                                                                                    • SetViewportOrgEx.GDI32(?,00000000,00000000,?), ref: 20016A52
                                                                                                                                                                    • SetWindowOrgEx.GDI32(?,00000000,00000000,?), ref: 20016A5F
                                                                                                                                                                    • GetWindowExtEx.GDI32(?,?), ref: 20016A6A
                                                                                                                                                                    • GetViewportExtEx.GDI32(?,?), ref: 20016A75
                                                                                                                                                                    • SetMapMode.GDI32(?,00000001), ref: 20016A7E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ViewportWindow$Mode$CapsDeleteDevice
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3425957729-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20013E7C
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,00000003), ref: 20013E97
                                                                                                                                                                    • DeleteAtom.KERNEL32(?), ref: 20013F42
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 20013F4C
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,00000008), ref: 20013F6F
                                                                                                                                                                    • OleCreateFromFile.OLE32(20003E58,0000000A,20003D38,00000001,00000000,?,0000000A,?), ref: 20013FA1
                                                                                                                                                                    • OleSetContainedObject.OLE32(?,00000001), ref: 20013FF9
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,00000008), ref: 200140FE
                                                                                                                                                                    • CLSIDFromProgID.OLE32(0000000A,?), ref: 20014115
                                                                                                                                                                    • OleCreate.OLE32(?,20003D38,00000001,00000000,?,0000000A,?), ref: 20014137
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ChangeType$CreateFrom$AtomClearContainedDeleteFileInitObjectProg
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 120806182-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?), ref: 20009ED5
                                                                                                                                                                    • CoTaskMemAlloc.OLE32(00000030), ref: 20009F5C
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 20009F8F
                                                                                                                                                                    • OleLoadFromStream.OLE32(?,20006460,?), ref: 20009FDF
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 2000B8D8
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 2000B8E7
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 2000B8F6
                                                                                                                                                                    • CoTaskMemAlloc.OLE32(00000001), ref: 2000B903
                                                                                                                                                                    • OleLoadFromStream.OLE32(?,20006470,?), ref: 2000B974
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Task$AllocFree$FromHeapLoadStream$lstrlen
                                                                                                                                                                    • String ID: 0
                                                                                                                                                                    • API String ID: 3967986655-4108050209
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 2000506E
                                                                                                                                                                    • VariantClear.OLEAUT32(0000000D), ref: 20005119
                                                                                                                                                                    • VariantClear.OLEAUT32(00000009), ref: 20005193
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClearVariant$FreeString
                                                                                                                                                                    • String ID: FileName$Font$MouseIcon$TextRTF$`<u
                                                                                                                                                                    • API String ID: 3697210081-2427556196
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000000,?,00000000), ref: 200054EE
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,00000000), ref: 20005509
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,00000000), ref: 20005597
                                                                                                                                                                    • CreateWindowExA.USER32(000000FC,?,?,00000000,?,?,?,?,?,00000000,00000000), ref: 20005601
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,00000000), ref: 2000561B
                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 2000554F
                                                                                                                                                                      • Part of subcall function 200057EE: EnterCriticalSection.KERNEL32(2001E018,2001E018,?,00000000,?,?,?,?,?,?,?,2000D27E,?,00000000), ref: 200057FD
                                                                                                                                                                      • Part of subcall function 200057EE: LeaveCriticalSection.KERNEL32(2001E018,?,00000000,?,?,?,?,?,?,?,2000D27E), ref: 2000580E
                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,000000FC,?,00000000), ref: 20005686
                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000EB), ref: 2000D2EA
                                                                                                                                                                    • DestroyWindow.USER32(?,?,00000000), ref: 2000D309
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Window$EnterLeave$CreateDestroyLongVisible
                                                                                                                                                                    • String ID: D
                                                                                                                                                                    • API String ID: 476852033-2746444292
                                                                                                                                                                    • Opcode ID: 90822c5501109facf178a38016a015d14f1e629fc799be9859cb64e642036659
                                                                                                                                                                    • Instruction ID: cbe84b06a9108d25f86132a72da1cc22852cb9f0e4e89b5375d4c5bfd02a7434
                                                                                                                                                                    • Opcode Fuzzy Hash: 90822c5501109facf178a38016a015d14f1e629fc799be9859cb64e642036659
                                                                                                                                                                    • Instruction Fuzzy Hash: EF615E70604B44EFFB258FA4C894BAEBBF6FF15301F40492DE696C2160D7759984DB21
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                    • SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    • OleTranslateColor.OLEAUT32(00000000,00000000,?), ref: 2000890B
                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 20008916
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000002,00000000,00000000,00000002), ref: 2000893C
                                                                                                                                                                    • GetDC.USER32(?), ref: 20008964
                                                                                                                                                                    • GetSystemMetrics.USER32(0000004A), ref: 20008984
                                                                                                                                                                    • EnumFontFamiliesExA.GDI32(00000000,?,20008BE6,00000001,00000000), ref: 200089A3
                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 200089B0
                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
• Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$ByteCharColorEnumFamiliesFontMetricsMultiReleaseSystemTranslateWidelstrlen
                                                                                                                                                                    • String ID: <
                                                                                                                                                                    • API String ID: 3071061381-4251816714
                                                                                                                                                                    • Opcode ID: 209ce068ba4d2ad6b28a009722525e33b0940d94aafb420eb3caa539e43b7888
                                                                                                                                                                    • Instruction ID: 22a0245a4c499e47a126ca9a1de0f51d4fadbdf595c629b56713145a5297914b
                                                                                                                                                                    • Opcode Fuzzy Hash: 209ce068ba4d2ad6b28a009722525e33b0940d94aafb420eb3caa539e43b7888
                                                                                                                                                                    • Instruction Fuzzy Hash: DA519B71904649AFFB218BE0CC84FDE7BFAFB09344F508425F295A25A1CB789D84DB25
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200197DB
                                                                                                                                                                    • GlobalLock.KERNEL32(?), ref: 200197FE
                                                                                                                                                                    • GlobalSize.KERNEL32(?), ref: 20019815
                                                                                                                                                                    • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 2001982B
                                                                                                                                                                    • SafeArrayDestroy.OLEAUT32(00000000), ref: 20019848
                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 20019857
                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 20019867
                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 20019898
                                                                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 200198B0
                                                                                                                                                                    • ReleaseStgMedium.OLE32(?), ref: 200198BB
                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
• Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ArrayGlobalSafe$DataUnlock$AccessCreateDestroyInitLockMediumReleaseSizeUnaccessVariant
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 2064889598-894760207
                                                                                                                                                                    • Opcode ID: 8c2d710a7f3e19e53580407200c3668a9384ab957ff9aab6c3cec39739130c23
                                                                                                                                                                    • Instruction ID: 346d51079bfc617026d8a8c94d73b09d8d1bbacbeff43321a5c4d02ed2ab12d8
                                                                                                                                                                    • Opcode Fuzzy Hash: 8c2d710a7f3e19e53580407200c3668a9384ab957ff9aab6c3cec39739130c23
                                                                                                                                                                    • Instruction Fuzzy Hash: F2315C75904209EFEB019FA4C848BDEBFB5FF04751F108069F909AB250D7789E80EB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 2000C7E3
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000002), ref: 2000C811
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?), ref: 2000C839
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 2000C863
Memory Dump Source
• Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
• Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocByteCharFreeMultiWidelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 351661896-0
                                                                                                                                                                    • Opcode ID: 74ef86e24dcf7812ef18d054d313839e5fca95cae0dfe48962ed15fc715be925
                                                                                                                                                                    • Instruction ID: b7ab98aa9079d3f415fe18f33b760ef9b51bc4bf8b3fbcc44d7292f5bd7a3e6c
                                                                                                                                                                    • Opcode Fuzzy Hash: 74ef86e24dcf7812ef18d054d313839e5fca95cae0dfe48962ed15fc715be925
                                                                                                                                                                    • Instruction Fuzzy Hash: E671AF31504544ABFB11CFA4CC84F9E77AAEF49314F108155FA15DB2A1C77ADE81DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000000,2001E018,?,?,?,?,?,?,2001BF87,?,20019626,?,?), ref: 2001BFD3
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,?,?,2001BF87,?,20019626,?,?), ref: 2001BFE7
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,?,?,2001BF87,?,20019626,?,?), ref: 2001BFF5
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000408,?,?,?,?,?,2001BF87,?,20019626,?,?), ref: 2001C007
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 2001C026
                                                                                                                                                                    • GetSysColor.USER32(?), ref: 2001C047
                                                                                                                                                                    • GetNearestColor.GDI32(?,00000000), ref: 2001C079
                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 2001C0B3
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018), ref: 2001C14C
                                                                                                                                                                    • CreatePalette.GDI32(00000000), ref: 2001C153
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018), ref: 2001C161
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000), ref: 2001C170
Memory Dump Source
• Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
• Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Leave$ColorEnterHeap$AllocCreateFreeNearestPaletteRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 275897378-0
                                                                                                                                                                    • Opcode ID: c274b1f174dd922849d37cdbb5d696cf1bcea4d3fd5ed80e7beb54a7aa8de77a
                                                                                                                                                                    • Instruction ID: f5e2aa39023b10a9ae14ad19593c2b41c2a330a0be4cc98c271bc73186d45fa2
                                                                                                                                                                    • Opcode Fuzzy Hash: c274b1f174dd922849d37cdbb5d696cf1bcea4d3fd5ed80e7beb54a7aa8de77a
                                                                                                                                                                    • Instruction Fuzzy Hash: E051C331948684DFFB06CBA4C848BDEFBF1BF49315F1584A9E142A7292D7B88A41DF11
                                                                                                                                                                    APIs
                                                                                                                                                                    • CheckDlgButton.USER32(?,0000083C,00000000), ref: 20011AC3
                                                                                                                                                                    • SetDlgItemInt.USER32(?,00000835,00000000,00000001), ref: 20011B39
                                                                                                                                                                    • GetDlgItem.USER32(?,00000841), ref: 20011BAB
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20011BB2
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 20011C8A
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,?), ref: 20011CB5
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 20011CC7
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 20011CFA
                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000837,?), ref: 20011D10
                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
• Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Item$Free$ButtonByteCharCheckHeapMessageMultiSendStringTextWidelstrlen
                                                                                                                                                                    • String ID: `<u
                                                                                                                                                                    • API String ID: 250533556-3367579956
                                                                                                                                                                    • Opcode ID: 680e1f729f07f61789f38c758ca1a1b75a66898b94d1994966e3bbf2b54c38c3
                                                                                                                                                                    • Instruction ID: 7193cde237d1a83a049a4bbdbc3421fd321f130eeb576e7a9e73db2b8d2e6d21
                                                                                                                                                                    • Opcode Fuzzy Hash: 680e1f729f07f61789f38c758ca1a1b75a66898b94d1994966e3bbf2b54c38c3
                                                                                                                                                                    • Instruction Fuzzy Hash: 12811C75604109EFEB04DFA4CD88EE97BBAFB84754F10C468F609CB1A0DA759E81DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 20009C5F
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?), ref: 20009CF8
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 20009D3E
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 20009D62
                                                                                                                                                                    • OleSaveToStream.OLE32(?,?), ref: 20009DA1
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 2000BA50
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeHeap$AllocMessageSaveSendStreamTasklstrlen
                                                                                                                                                                    • String ID: 0
                                                                                                                                                                    • API String ID: 2441979071-4108050209
                                                                                                                                                                    • Opcode ID: 66a100b46c0aa1bb08a9225c1ba347582803b2136dc419074acf3da905ead69e
                                                                                                                                                                    • Instruction ID: 2e2f6491f6641a87cf29a8ed46334837f8486301eb6583274a6b90c7b6caee1e
                                                                                                                                                                    • Opcode Fuzzy Hash: 66a100b46c0aa1bb08a9225c1ba347582803b2136dc419074acf3da905ead69e
                                                                                                                                                                    • Instruction Fuzzy Hash: AA713A30A04208EFFB11CFA4C884BDE7BB6FF95350F2445A9E985DB251D7749A81DB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 2001C22D
                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 2001C245
                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 2001C255
                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,20019647), ref: 2001C292
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 2001C2B9
                                                                                                                                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,20019647,00000000,00000000,00000000,?,20019647,00CC0020), ref: 2001C2D9
                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 2001C2F3
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 2001C2FE
                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 2001C310
                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 2001C324
                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 2001C32E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CompatibleCreateDeleteObject$Select$BitmapReleaseStretch
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 223590194-0
                                                                                                                                                                    • Opcode ID: b871ca284bfb82d3954899211978ee955e657c19210feebb9d6bfafd2a445848
                                                                                                                                                                    • Instruction ID: a96c421e492e661185196ec22a77f1ea6c86fa0d4a0e0965e58628269be4d18c
                                                                                                                                                                    • Opcode Fuzzy Hash: b871ca284bfb82d3954899211978ee955e657c19210feebb9d6bfafd2a445848
                                                                                                                                                                    • Instruction Fuzzy Hash: 4941A571800659FBDF029FE5CC44CDEBFBAFF49250B10846AF914A6120D7759A90EF50
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysFreeString.OLEAUT32(00060001), ref: 200101A7
                                                                                                                                                                    • SysFreeString.OLEAUT32(00060001), ref: 20010221
                                                                                                                                                                    • CoTaskMemFree.OLE32(00060125), ref: 2001022F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Free$String$Task
                                                                                                                                                                    • String ID: FileName$Font$MouseIcon$TextRTF$_Version$`<u
                                                                                                                                                                    • API String ID: 421868389-1284233966
                                                                                                                                                                    • Opcode ID: 4fa70ce61344b8c9c32b8d9c970d3042eb2a9d26806a7704d56805b9671801a0
                                                                                                                                                                    • Instruction ID: 2870790579e92ebaf0a2e2e19a10cd3c361dcc7e513488fb91b5399301a94d37
                                                                                                                                                                    • Opcode Fuzzy Hash: 4fa70ce61344b8c9c32b8d9c970d3042eb2a9d26806a7704d56805b9671801a0
                                                                                                                                                                    • Instruction Fuzzy Hash: AC714F31600216AFEB04CFA4C894FAEB7F5FF49304F108459F955EB251D7B4AA84CB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20019F3A
                                                                                                                                                                    • GetClipboardFormatNameA.USER32(?,?,0000000A), ref: 20019FB1
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 20019FD4
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20019FE2
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,00000000,00000000,00000002), ref: 20019FED
                                                                                                                                                                    • VariantClear.OLEAUT32(00000008), ref: 2001A083
                                                                                                                                                                    • VariantCopyInd.OLEAUT32(00000001,?), ref: 2001A0C1
                                                                                                                                                                    • VariantInit.OLEAUT32(00000008), ref: 2001A118
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$Init$Clear$ChangeClipboardCopyFormatNameType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1730929548-894760207
                                                                                                                                                                    • Opcode ID: dfd2b504ed215767b6781f0f6c70cff5ab806eba5ecd1564a33cba451d89a162
                                                                                                                                                                    • Instruction ID: b6fa28301bf02cff1aadc1ae2a8bffa2d250a2dab096f3884693d1517f40d429
                                                                                                                                                                    • Opcode Fuzzy Hash: dfd2b504ed215767b6781f0f6c70cff5ab806eba5ecd1564a33cba451d89a162
                                                                                                                                                                    • Instruction Fuzzy Hash: 10515D31E00606EBFB118FE1C884A99F7F5BB09315F10803AE605A7561E7B4EEC5DBA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • SafeArrayGetUBound.OLEAUT32(0000000A,00000001,?), ref: 2001AEE7
                                                                                                                                                                    • SafeArrayRedim.OLEAUT32(0000000A,?), ref: 2001AF0E
                                                                                                                                                                    • SafeArrayGetElement.OLEAUT32(0000000A,?,?), ref: 2001AF3A
                                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(0000000A,0000000A,?), ref: 2001AF54
                                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(0000000A,?,?), ref: 2001AF6C
                                                                                                                                                                    • VariantClear.OLEAUT32(0000000A), ref: 2001AF75
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 2001AF88
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,00000003), ref: 2001AF9A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ArraySafe$ElementVariant$BoundChangeClearInitRedimType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 3512421400-894760207
                                                                                                                                                                    • Opcode ID: aee3c6c7a3761547e60871a65c260645251f391e78aea8dc09ce9f5141eabe68
                                                                                                                                                                    • Instruction ID: 5e29a88e54d0ad994019d73b10782ef11b09c85f2e18830a1445d3ba22e4f99a
                                                                                                                                                                    • Opcode Fuzzy Hash: aee3c6c7a3761547e60871a65c260645251f391e78aea8dc09ce9f5141eabe68
                                                                                                                                                                    • Instruction Fuzzy Hash: 14413FB590060AAFEB11DFD5C884A9EB7FAFB44340F104929F911D3251E734EE899B60
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 20012634
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 2001268C
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 200126B2
                                                                                                                                                                    • wsprintfA.USER32 ref: 200126D3
                                                                                                                                                                    • SendMessageA.USER32(?,00000143,00000000,?), ref: 200126EC
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 200126F5
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 2001271F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeMessageSend$ByteCharHeapMultiStringWidelstrlenwsprintf
                                                                                                                                                                    • String ID: %ld - %s$`<u
                                                                                                                                                                    • API String ID: 1410733426-3064458049
                                                                                                                                                                    • Opcode ID: ce8da8d2880e6d9802591719c973ee0c30bc51552790cee394d9723d9867c491
                                                                                                                                                                    • Instruction ID: 84caeb6f230976f35087d3cc78a427ec05e25e84a239ea8acc2fe77c215afabb
                                                                                                                                                                    • Opcode Fuzzy Hash: ce8da8d2880e6d9802591719c973ee0c30bc51552790cee394d9723d9867c491
                                                                                                                                                                    • Instruction Fuzzy Hash: A3313335904008FFEB119F94CC88EDEBBBAFF89704F008199F955A6161D7759A90EF60
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,?,?,?,20001DC8), ref: 20001DDD
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,?,20001DC8), ref: 20001DED
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,?,?,?,20001DC8), ref: 20001DF0
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,?,20001DC8), ref: 20001DFB
                                                                                                                                                                    • RegisterWindowMessageA.USER32(Rich Text Format,?,?,?,?,20001DC8), ref: 20001E43
                                                                                                                                                                    • RegisterWindowMessageA.USER32(Link,?,?,?,?,20001DC8), ref: 20001E5D
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,20001DC8), ref: 20001E7D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeaveMessageRegisterWindow$FreeHeap
                                                                                                                                                                    • String ID: Link$Rich Text Format
                                                                                                                                                                    • API String ID: 1573441871-293146030
                                                                                                                                                                    • Opcode ID: 1356501cef86a727b110c43bbd27ac30c4eeb9fdcecb13c9939069dcfb3cf910
                                                                                                                                                                    • Instruction ID: ea14273723f1a4d2f5200c698df5153ffa73a28ca0a0d63792e4de405d4135a6
                                                                                                                                                                    • Opcode Fuzzy Hash: 1356501cef86a727b110c43bbd27ac30c4eeb9fdcecb13c9939069dcfb3cf910
                                                                                                                                                                    • Instruction Fuzzy Hash: 99212A705086419FF3209FA4C8D4A5EB7BABB45305710493EE546C7522C7B9AD85DB21
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 2001BBE5
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,20019626,?,2001BCCD,00000000,?,20019E2A,?,?,00000000,?,?,?,?), ref: 2001BBF3
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,20019626,?,2001BCCD,00000000,?,20019E2A,?,?,00000000,?,?,?,?), ref: 2001BC07
                                                                                                                                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 2001BC29
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 2001BC34
                                                                                                                                                                    • CreateDIBitmap.GDI32(00000000,?,00000004,00000000,?,00000000), ref: 2001BC4C
                                                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 2001BC68
                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 2001BC6F
                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 2001BC7E
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 2001BC8C
                                                                                                                                                                      • Part of subcall function 2001B904: GetDC.USER32(00000000), ref: 2001B911
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,0000000E), ref: 2001B922
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,00000068), ref: 2001B92C
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,0000000C), ref: 2001B936
                                                                                                                                                                      • Part of subcall function 2001B904: GetStockObject.GDI32(0000000F), ref: 2001B959
                                                                                                                                                                      • Part of subcall function 2001B904: ReleaseDC.USER32(00000000,00000000), ref: 2001B967
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Palette$CapsDevice$CriticalObjectRealizeReleaseSectionSelect$BitmapCreateDeleteEnterLeaveStock
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2764517234-0
                                                                                                                                                                    • Opcode ID: 0f97350f188d6b4e0a3d9b04341fd627f4a1cf645816f4128cc7cefbdf0454a6
                                                                                                                                                                    • Instruction ID: 6833a1310f457eaf806a1fbe018405a51c8494b7d24f78c49c171bd70472d138
                                                                                                                                                                    • Opcode Fuzzy Hash: 0f97350f188d6b4e0a3d9b04341fd627f4a1cf645816f4128cc7cefbdf0454a6
                                                                                                                                                                    • Instruction Fuzzy Hash: 0C116D72409655AFF3106FA8DCC8ABFFBBEFB45656710002DF20292510DB785D809AA2
                                                                                                                                                                    APIs
                                                                                                                                                                    • StringFromCLSID.OLE32(?,?), ref: 20013333
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 20013355
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 2001338B
                                                                                                                                                                    • wsprintfA.USER32 ref: 20013398
                                                                                                                                                                    • RegQueryValueA.ADVAPI32(80000000,?,00000000,?), ref: 200133B8
                                                                                                                                                                    • RegQueryValueA.ADVAPI32(80000000,?,?,?), ref: 200133DA
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 200133EF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiQueryValueWide$FreeFromStringTaskwsprintf
                                                                                                                                                                    • String ID: CLSID\%s\ProgID
                                                                                                                                                                    • API String ID: 2761806598-1152224379
                                                                                                                                                                    • Opcode ID: 6766d771a9f0ce7397e512c4ded02e0dab818efadf162adcbb3583efe45e0dfa
                                                                                                                                                                    • Instruction ID: d747b9352a81618a0a5cb2fde48d04a57f0fdb807c359fd5f6146a86974f8e39
                                                                                                                                                                    • Opcode Fuzzy Hash: 6766d771a9f0ce7397e512c4ded02e0dab818efadf162adcbb3583efe45e0dfa
                                                                                                                                                                    • Instruction Fuzzy Hash: 95416C71805129BBEF119FD4DC849EEBFB9FF04760B20816AF514A6151CB349B91DBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001612E
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000000,?,00000000,000F003F,20015F16), ref: 2001614B
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001616D
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA54,00000000,0002001F,00000000,?,00000000), ref: 200161A1
                                                                                                                                                                    • RegCloseKey.ADVAPI32(20015F16), ref: 200161CC
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 200161D1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Closewsprintf$CreateOpen
                                                                                                                                                                    • String ID: %s.%s$%s.%s.%ld
                                                                                                                                                                    • API String ID: 1017869574-1933027761
                                                                                                                                                                    • Opcode ID: 3f779026fb14a627d67b008cdd4212e8e6399798e39d1f73f0fe91af98f02ad4
                                                                                                                                                                    • Instruction ID: b78eb41c6d12b20ef86a76962fe831747b41f7b33a61d9368b9fee52bfdb7905
                                                                                                                                                                    • Opcode Fuzzy Hash: 3f779026fb14a627d67b008cdd4212e8e6399798e39d1f73f0fe91af98f02ad4
                                                                                                                                                                    • Instruction Fuzzy Hash: 2E216A7A50021DBBEB119FA4CC45FDEBB6DEF44310F104065FA04A6191EB70EBA4AEA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018), ref: 2000569B
                                                                                                                                                                    • LoadLibraryA.KERNEL32(RichEd32.DLL), ref: 200056AF
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018), ref: 200056C3
                                                                                                                                                                    • GetClassInfoA.USER32(RICHEDIT,?), ref: 200056D8
                                                                                                                                                                    • RegisterClassA.USER32(?), ref: 20005710
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018), ref: 2000B649
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$ClassLeave$EnterInfoLibraryLoadRegister
                                                                                                                                                                    • String ID: RICHEDIT$RichEd32.DLL
                                                                                                                                                                    • API String ID: 2175746400-1135370958
                                                                                                                                                                    • Opcode ID: 3dd503d76359ae62eb73a005704ec2f9dc2e960849f11bfd561a0d6432dd539f
                                                                                                                                                                    • Instruction ID: ddd26d834f56160ba3f2b053e1ef1025d7eceeb9d992d9f6340bbc6524cc8e48
                                                                                                                                                                    • Opcode Fuzzy Hash: 3dd503d76359ae62eb73a005704ec2f9dc2e960849f11bfd561a0d6432dd539f
                                                                                                                                                                    • Instruction Fuzzy Hash: D3014C34909A84EFF701DFE4CD48ADDBBFAAB0C205B104025F945E3220D7B89E81EB61
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018), ref: 200021EC
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018), ref: 2000221B
                                                                                                                                                                    • LoadRegTypeLib.OLEAUT32(?,?,00000000,?), ref: 20002240
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeaveLoadType
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 178205823-0
                                                                                                                                                                    • Opcode ID: c746c9fc3755c796b4d60456ca423d282187ae7b972d558e2dc76b2d72d0b5ac
                                                                                                                                                                    • Instruction ID: e2c551c6a80fa8411cbcf4a6b184bac23da9932f9cddb517cbd0c754740f4eb8
                                                                                                                                                                    • Opcode Fuzzy Hash: c746c9fc3755c796b4d60456ca423d282187ae7b972d558e2dc76b2d72d0b5ac
                                                                                                                                                                    • Instruction Fuzzy Hash: 60515975104109AFFB11CF94CD88FA977BAFB48314F108094FA099B261DB75DE85DB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(20015F16,00000000,00000000,?,?,?,00000000,80000000,00000000), ref: 20016208
                                                                                                                                                                    • RegSetValueExA.ADVAPI32(200161B8,00000000,00000000,?,?,00000104), ref: 20016224
                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(20015F16,00000000,?,00000104,00000000,00000000,00000000,?), ref: 20016257
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(20015F16,?,00000000,000F003F,200161B8), ref: 2001627B
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(200161B8,?,00000000,2001EA58,00000000,0002001F,00000000,?,?), ref: 200162A7
                                                                                                                                                                    • RegCloseKey.ADVAPI32(200161B8), ref: 200162C4
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 200162C9
                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(00000000,00000000,?,00000104,00000000,00000000,00000000,?), ref: 200162E6
                                                                                                                                                                    • RegCloseKey.ADVAPI32(200161B8), ref: 20016300
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$EnumValue$CreateOpenQuery
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2968832820-0
                                                                                                                                                                    • Opcode ID: 694b6acf621db1888cfd41a1fc7041eb3432fa9e31dd274c82abec653494ab75
                                                                                                                                                                    • Instruction ID: 54b21af44dc554ffb213976ee0ead5038d3fc7d7808786c4c5cbc002658357d6
                                                                                                                                                                    • Opcode Fuzzy Hash: 694b6acf621db1888cfd41a1fc7041eb3432fa9e31dd274c82abec653494ab75
                                                                                                                                                                    • Instruction Fuzzy Hash: 4F319372901529BAEB119BD1DC84DEFBFBDEF093A0B1041A2F905E1010E7759F94DBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 200192B8
                                                                                                                                                                    • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 200192C8
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000001), ref: 200192F7
                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 20019317
                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 2001932C
                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 20019350
                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 20019359
                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 2001936D
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 20019376
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$ArraySafe$BoundDataUnlock$AccessAllocFreeLockUnaccess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1328254947-0
                                                                                                                                                                    • Opcode ID: 3f1241ef9324666ef9f789ec3229b51ff1e46ccf5018ce84c789e2d678dc1ce6
                                                                                                                                                                    • Instruction ID: 244373bd7dfea13f8fa10a9f37328a14cb8dd880af31067da50fc49fc1cb48c4
                                                                                                                                                                    • Opcode Fuzzy Hash: 3f1241ef9324666ef9f789ec3229b51ff1e46ccf5018ce84c789e2d678dc1ce6
                                                                                                                                                                    • Instruction Fuzzy Hash: 80314C31A00249EBFB109FA5CC48BDEBBF9FB44761F108069F919DA191D7B4DA90DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_10000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$_errnodeflatefclose
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2899536112-0
                                                                                                                                                                    • Opcode ID: 2d88d4643c1e66c0cb2fc857da0721646237d97c1472f2b182b4952c0966e7df
                                                                                                                                                                    • Instruction ID: 6e5b0eb5cc05b01dfddd556289238404ae9e660b6cbc00ebe6f74758e713f603
                                                                                                                                                                    • Opcode Fuzzy Hash: 2d88d4643c1e66c0cb2fc857da0721646237d97c1472f2b182b4952c0966e7df
                                                                                                                                                                    • Instruction Fuzzy Hash: 2D11A3B0B00F414BFB62DB7D9C90A4B73DCEF012D67468634E886C7668E711FE458662
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200077A6
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 200077B9
                                                                                                                                                                    • SendMessageA.USER32(?,0000043D,00000000,0000009C), ref: 20007803
                                                                                                                                                                    • SendMessageA.USER32(?,00000447,00000000,0000009C), ref: 200078E7
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 200078FD
                                                                                                                                                                      • Part of subcall function 20002946: GetDC.USER32(00000000), ref: 2000299E
                                                                                                                                                                      • Part of subcall function 20002946: GetDeviceCaps.GDI32(00000000,00000058), ref: 200029A9
                                                                                                                                                                      • Part of subcall function 20002946: ReleaseDC.USER32(00000000,00000000), ref: 200029B4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$MessageSend$CapsChangeClearDeviceInitReleaseType
                                                                                                                                                                    • String ID: $$p=<u
                                                                                                                                                                    • API String ID: 3411086202-229524820
                                                                                                                                                                    • Opcode ID: 22c74b61f79dffe381a8c83562be49774b6a674c4702387c5614e3d9c5d18068
                                                                                                                                                                    • Instruction ID: 11d8ea397e6175aa58a18b5a82a6c7cffb55fbd18f120f5f2b85201e8c49b27d
                                                                                                                                                                    • Opcode Fuzzy Hash: 22c74b61f79dffe381a8c83562be49774b6a674c4702387c5614e3d9c5d18068
                                                                                                                                                                    • Instruction Fuzzy Hash: A0412471E04219EEFB149BE4C848FEEB7FAEB05304F508465E65DE2151DB38AE85CB21
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104), ref: 2001495C
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 20014969
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000002), ref: 20014991
                                                                                                                                                                    • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 200149A3
                                                                                                                                                                    • UnRegisterTypeLib.OLEAUT32(?,?,?,?), ref: 200149D7
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 200149F8
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Type$ByteCharFileFreeHeapLoadModuleMultiNameRegisterWidelstrlen
                                                                                                                                                                    • String ID: RICHTEXT
                                                                                                                                                                    • API String ID: 1341302007-1856496989
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 2001B00A
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000003), ref: 2001B01C
                                                                                                                                                                    • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 2001B05A
                                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 2001B075
                                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(?,?,00000000), ref: 2001B087
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 2001B08F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ArrayElementSafeVariant$ChangeClearInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1638861776-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 2001537A: wsprintfA.USER32 ref: 200153BB
                                                                                                                                                                    • wsprintfA.USER32 ref: 20016385
                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000000,?,00000000,2001EA5C,00000000,00020019,00000000,2001E1EC,2001E1EC), ref: 200163B2
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(2001E1EC,Implemented Categories,00000000,000F003F,00000000), ref: 200163CF
                                                                                                                                                                    • RegCloseKey.ADVAPI32(2001E1EC), ref: 200163E0
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 200163EF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Closewsprintf$CreateOpen
                                                                                                                                                                    • String ID: CLSID\%s$Implemented Categories
                                                                                                                                                                    • API String ID: 1017869574-4018555196
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegisterWindowMessageA.USER32(Rich Text Format,00000001,200014B0), ref: 200043D8
                                                                                                                                                                    • RegisterWindowMessageA.USER32(RichEdit Text and Objects), ref: 200043E5
                                                                                                                                                                    • RegisterWindowMessageA.USER32(Rich Text Format Without Objects), ref: 200043F2
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(2001E040), ref: 200043FF
                                                                                                                                                                    Strings
                                                                                                                                                                    • Rich Text Format Without Objects, xrefs: 200043E7
                                                                                                                                                                    • RichEdit Text and Objects, xrefs: 200043DA
                                                                                                                                                                    • Rich Text Format, xrefs: 200043D3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageRegisterWindow$CriticalInitializeSection
                                                                                                                                                                    • String ID: Rich Text Format$Rich Text Format Without Objects$RichEdit Text and Objects
                                                                                                                                                                    • API String ID: 2191193971-133688827
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,0000043C,00000000,?), ref: 200058A0
                                                                                                                                                                    • SendMessageA.USER32(?,00000435,00000000,0FFFFFFF), ref: 200058B3
                                                                                                                                                                    • SendMessageA.USER32(?,00000445,00000000,003A0003), ref: 200058C6
                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?,00000002,00000000), ref: 20005957
                                                                                                                                                                    • DragAcceptFiles.SHELL32(?,00000000), ref: 200059DB
                                                                                                                                                                    • RevokeDragDrop.OLE32(?), ref: 20005A0E
                                                                                                                                                                    • OleTranslateColor.OLEAUT32(?,00000000,?), ref: 2000B69C
                                                                                                                                                                    • SendMessageA.USER32(?,00000443,00000000,?), ref: 2000B6B2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$Drag$AcceptColorDropFilesFreeRevokeTaskTranslate
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3776181316-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersion.KERNEL32 ref: 20001427
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(2001E018), ref: 2000146C
                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 2000147B
                                                                                                                                                                    • DisableThreadLibraryCalls.KERNEL32(?), ref: 20001498
                                                                                                                                                                    • GetSystemMetrics.USER32(0000002A), ref: 200014A0
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(2001E018), ref: 200014BC
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 2000C5FB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalLibrarySection$CallsDeleteDisableFreeHeapInitializeMetricsProcessSystemThreadVersion
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3233769930-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,?,00000005), ref: 20017788
                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,?,?,200170CB), ref: 2001779B
                                                                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,200170CB), ref: 200177A6
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,?,?,200170CB), ref: 200177B8
                                                                                                                                                                      • Part of subcall function 200057EE: EnterCriticalSection.KERNEL32(2001E018,2001E018,?,00000000,?,?,?,?,?,?,?,2000D27E,?,00000000), ref: 200057FD
                                                                                                                                                                      • Part of subcall function 200057EE: LeaveCriticalSection.KERNEL32(2001E018,?,00000000,?,?,?,?,?,?,?,2000D27E), ref: 2000580E
                                                                                                                                                                    • CreateDialogIndirectParamA.USER32(00000000,00000000,20017877,00000000), ref: 200177D8
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,200170CB), ref: 200177E6
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,200170CB), ref: 200177F8
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,200170CB), ref: 200177FE
                                                                                                                                                                      • Part of subcall function 20017967: EnterCriticalSection.KERNEL32(2001E018,00000104,?,20011E3D,?), ref: 2001798C
                                                                                                                                                                      • Part of subcall function 20017967: LeaveCriticalSection.KERNEL32(2001E018), ref: 200179B8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeaveResource$ErrorLast$CreateDialogFindIndirectLoadLockParam
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2015898792-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: adler32crc32
                                                                                                                                                                    • String ID: $ $ $
                                                                                                                                                                    • API String ID: 2730854496-3535155489
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EB), ref: 200022D8
                                                                                                                                                                    • SetWindowLongA.USER32(?,000000EB,00000000), ref: 2000237B
                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 20002398
                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 200023A5
                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 200023CD
                                                                                                                                                                    • SetWindowLongA.USER32(?,000000EB,000000FF), ref: 200023E9
                                                                                                                                                                    • DefWindowProcA.USER32(?,?,?,?), ref: 2000D379
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Long$Paint$BeginClientProcRect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3420580941-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 20012273
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 2001227A
                                                                                                                                                                    • CheckDlgButton.USER32(?,0000083E,00000000), ref: 200122C4
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083A), ref: 2001233B
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 2001233E
                                                                                                                                                                    • GetDlgItem.USER32(?,0000083A), ref: 20012354
                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 20012357
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ItemMessageSend$ButtonCheck
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2619142246-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadStringA.USER32(?,000007D5,?,00000028), ref: 20011DD5
                                                                                                                                                                    • LoadStringA.USER32(?,000007D6,?,00000104), ref: 20011DE7
                                                                                                                                                                    • GetOpenFileNameA.COMDLG32(0000004C), ref: 20011DFE
                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000837,20006EFD), ref: 20011E21
                                                                                                                                                                    • CommDlgExtendedError.COMDLG32(0000004C), ref: 20011E42
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LoadString$CommErrorExtendedFileItemNameOpenText
                                                                                                                                                                    • String ID: L
                                                                                                                                                                    • API String ID: 1325230962-2909332022
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(0000000A), ref: 2000E737
                                                                                                                                                                    • VariantChangeType.OLEAUT32(0000000A,0000000A,00000000,00000002), ref: 2000E748
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 2000E76A
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 2000E790
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,00000002,00000001), ref: 2000E803
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ByteChangeCharFreeHeapInitMultiTypeWidelstrlen
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 4199993932-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(0000000A), ref: 2000E609
                                                                                                                                                                    • VariantChangeType.OLEAUT32(0000000A,0000000A,00000000,00000002), ref: 2000E61A
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 2000E63C
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 2000E662
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,00000000,00000001), ref: 2000E6D4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ByteChangeCharFreeHeapInitMultiTypeWidelstrlen
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 20006A2E
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 20006A38
                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?,?,?), ref: 20006A75
                                                                                                                                                                    • SendMessageA.USER32(?,0000000C,00000000,20006EFD), ref: 20006A9C
                                                                                                                                                                    • SendMessageA.USER32(?,00000303,00000000,00000000), ref: 2000A77B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$ByteCharFreeMultiStringTaskWide
                                                                                                                                                                    • String ID: P?<u`<u
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000000,2001EA50,00000000,000F003F,?,80000000,75BF8400,00000000), ref: 20016088
                                                                                                                                                                    • wsprintfA.USER32 ref: 200160B0
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,000F003F,?), ref: 200160CA
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 200160E2
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 20016100
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpen$wsprintf
                                                                                                                                                                    • String ID: %s.%s.%ld
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 20001FE1
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 20001FE7
                                                                                                                                                                    • CoTaskMemAlloc.OLE32(00000001), ref: 20001FF3
                                                                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 20002009
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 20002011
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiStringWide$AllocTask
                                                                                                                                                                    • String ID: P?<u`<u
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,2001E018,?,00000000,?,?,2000D2D9,00000000,?,?,?,?,?,00000000), ref: 20017A43
                                                                                                                                                                    • RegisterClassA.USER32(?), ref: 20017A77
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,00000000), ref: 20017A83
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,00000000,?,?,2000D2D9,00000000,?,?,?,?,?,00000000), ref: 20017A98
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,CtlFrameWork_ReflectWindow,00000000,?,?,?,?,?,?,00000000,00000000), ref: 20017ACE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Leave$ClassCreateEnterRegisterWindow
                                                                                                                                                                    • String ID: CtlFrameWork_ReflectWindow
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetObjectA.GDI32(?,00000018,?), ref: 2001BD1E
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,20019626,?,20019626,?,?), ref: 2001BD37
                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 2001BD4B
                                                                                                                                                                    • GetBitmapBits.GDI32(?,20019626,00000000), ref: 2001BD58
                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 2001BD65
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 2001BD6C
                                                                                                                                                                    • CreateBitmap.GDI32(00000000,?,?,?,00000000), ref: 2001BD87
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$Bitmap$AllocBitsCreateFreeLockObjectUnlock
                                                                                                                                                                    • String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,00000448,?,?), ref: 20002A12
                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 20002A1E
                                                                                                                                                                    • CreateICA.GDI32(DISPLAY,00000000,00000000,00000000,?,?,2000290C,00000000,?,?,?), ref: 20002A46
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDeleteMessageSend
                                                                                                                                                                    • String ID: DISPLAY
                                                                                                                                                                    • API String ID: 3562814853-865373369
                                                                                                                                                                    • Opcode ID: 6b280242431f49be06525346190af8eb2d4c8423455705bb3bea771e17a3e07a
                                                                                                                                                                    • Instruction ID: 23278afd53c8c41d8fbab370a745a5e55232d7238ab55952837138665e86c866
                                                                                                                                                                    • Opcode Fuzzy Hash: 6b280242431f49be06525346190af8eb2d4c8423455705bb3bea771e17a3e07a
                                                                                                                                                                    • Instruction Fuzzy Hash: AF012D31508B01EBF2629B66D808A9BBAE7FB8A351F20892EF19591110CB349910DF52
                                                                                                                                                                    APIs
                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,?,200014C7), ref: 200017B3
                                                                                                                                                                    • UnregisterClassA.USER32(CtlFrameWork_Parking), ref: 200017CB
                                                                                                                                                                    • UnregisterClassA.USER32(20001694), ref: 200017F0
                                                                                                                                                                    Strings
                                                                                                                                                                    • CtlFrameWork_ReflectWindow, xrefs: 2000C616
                                                                                                                                                                    • CtlFrameWork_Parking, xrefs: 200017C6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClassUnregister$DestroyWindow
                                                                                                                                                                    • String ID: CtlFrameWork_Parking$CtlFrameWork_ReflectWindow
                                                                                                                                                                    • API String ID: 1296069007-1716580052
                                                                                                                                                                    • Opcode ID: 272e6e3dea71522732240ea138e468687d9f272f15b1ad820fb9ac412c9a0f65
                                                                                                                                                                    • Instruction ID: 7e41d627b163198eba811c652735a9400dade37dd3f70babea6bf488cf5f487a
                                                                                                                                                                    • Opcode Fuzzy Hash: 272e6e3dea71522732240ea138e468687d9f272f15b1ad820fb9ac412c9a0f65
                                                                                                                                                                    • Instruction Fuzzy Hash: 4B018B3150CA809AF3225B94DC84BD8FBF6BB45250F198024F608530B0C3F84DC4E760
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000000,20016556,?,?,00000000,00000000,?,200164A4,?,?), ref: 2001661B
                                                                                                                                                                    • LoadLibraryA.KERNEL32(VERSION.DLL,?,200164A4,?,?), ref: 20016638
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileVersionInfoA), ref: 2001664D
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,200164A4,?,?), ref: 20016661
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$AddressEnterLeaveLibraryLoadProc
                                                                                                                                                                    • String ID: GetFileVersionInfoA$VERSION.DLL
                                                                                                                                                                    • API String ID: 2107766324-88666248
                                                                                                                                                                    • Opcode ID: 89653f5d50ddde81b9fafd11933a0aeff493db14b7284ed61e2723452a4e7308
                                                                                                                                                                    • Instruction ID: ffa0706e7e44dd316aa22dfbb4fff25e3235f7dafd4bcfc293aca2b086e59619
                                                                                                                                                                    • Opcode Fuzzy Hash: 89653f5d50ddde81b9fafd11933a0aeff493db14b7284ed61e2723452a4e7308
                                                                                                                                                                    • Instruction Fuzzy Hash: DDF0173150CA819FFB419FE4EE48B8FFBE6BF48641B004429F141D6025D7E88EC4AB62
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000000,20016573,00000000,2001E95C,?,200164A4,?,?,?,?,?,200164A4,?,?), ref: 20016686
                                                                                                                                                                    • LoadLibraryA.KERNEL32(VERSION.DLL,?,?,?,?,?,200164A4,?,?), ref: 200166A3
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,VerQueryValueA), ref: 200166B8
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,?,?,200164A4,?,?), ref: 200166CC
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$AddressEnterLeaveLibraryLoadProc
                                                                                                                                                                    • String ID: VERSION.DLL$VerQueryValueA
                                                                                                                                                                    • API String ID: 2107766324-832424205
                                                                                                                                                                    • Opcode ID: 41ae0a7340184030754f399a6faba098c57269d41b79152ebd098b1d34b0eece
                                                                                                                                                                    • Instruction ID: 94a00ab6bdd78e44ef20b2c585d5f61cfea2863836576f3162d04dce04bc4ea5
                                                                                                                                                                    • Opcode Fuzzy Hash: 41ae0a7340184030754f399a6faba098c57269d41b79152ebd098b1d34b0eece
                                                                                                                                                                    • Instruction Fuzzy Hash: 65F0F93110CA819FFB419FA4ED48B8ABBE6BB48701B004424F181D2020D7A88DC9AB62
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000002,2001652D,?,?,00000000,00000002,?,?,200164A4,?,?), ref: 200165B8
                                                                                                                                                                    • LoadLibraryA.KERNEL32(VERSION.DLL,?,200164A4,?,?), ref: 200165D5
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileVersionInfoSizeA), ref: 200165EA
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,200164A4,?,?), ref: 200165FE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$AddressEnterLeaveLibraryLoadProc
                                                                                                                                                                    • String ID: GetFileVersionInfoSizeA$VERSION.DLL
                                                                                                                                                                    • API String ID: 2107766324-2539902467
                                                                                                                                                                    • Opcode ID: ca7c231098e750327d13849ddb0968a539796d201e8858d32376c3f8e7322f8d
                                                                                                                                                                    • Instruction ID: b93bbf92fa881f5f0f07d859bcc7272de9ed659b7fe62e3ff07420d435f44a89
                                                                                                                                                                    • Opcode Fuzzy Hash: ca7c231098e750327d13849ddb0968a539796d201e8858d32376c3f8e7322f8d
                                                                                                                                                                    • Instruction Fuzzy Hash: D4F0DA3150CE90AFFB415FA4DD8878BFBA6AB48255B008075F155D2025D7F88AC0AB61
                                                                                                                                                                    APIs
                                                                                                                                                                    • CopyEnhMetaFileA.GDI32(?,00000000), ref: 2001957A
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000010), ref: 2001959E
                                                                                                                                                                    • CopyMetaFileA.GDI32(?,00000000), ref: 200195BC
                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 200195CE
                                                                                                                                                                      • Part of subcall function 20019E02: DeleteObject.GDI32(00000000), ref: 20019E47
                                                                                                                                                                      • Part of subcall function 20019E02: DeleteObject.GDI32(00000000), ref: 20019E57
                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 2001964E
                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 20019689
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$CopyDeleteFileMetaObject$AllocFreeLockUnlock
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3876891337-0
                                                                                                                                                                    • Opcode ID: 2365a6fe825228974b36b05b6aef1b2f34e0552122a0188d86af5c6d280c8ced
                                                                                                                                                                    • Instruction ID: 941d7797ecc6410f76d2b4997ddd7329a2ee2809720f8a9db1e431da3df0fbc4
                                                                                                                                                                    • Opcode Fuzzy Hash: 2365a6fe825228974b36b05b6aef1b2f34e0552122a0188d86af5c6d280c8ced
                                                                                                                                                                    • Instruction Fuzzy Hash: 38913970A0050AEFEB11CF98C88499EBBF6FF84354B208469F959DB210D775DE82DB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 2001033B
                                                                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 20010363
                                                                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 20010371
                                                                                                                                                                    • InflateRect.USER32(?,?,?), ref: 20010396
                                                                                                                                                                      • Part of subcall function 200054CA: EnterCriticalSection.KERNEL32(2001E018,00000000,?,00000000), ref: 200054EE
                                                                                                                                                                      • Part of subcall function 200054CA: LeaveCriticalSection.KERNEL32(2001E018,?,00000000), ref: 20005509
                                                                                                                                                                      • Part of subcall function 200054CA: IsWindowVisible.USER32(?), ref: 2000554F
                                                                                                                                                                      • Part of subcall function 200054CA: EnterCriticalSection.KERNEL32(2001E018,?,00000000), ref: 20005597
                                                                                                                                                                      • Part of subcall function 200054CA: CreateWindowExA.USER32(000000FC,?,?,00000000,?,?,?,?,?,00000000,00000000), ref: 20005601
                                                                                                                                                                      • Part of subcall function 200054CA: LeaveCriticalSection.KERNEL32(2001E018,?,00000000), ref: 2000561B
                                                                                                                                                                    • CallWindowProcA.USER32(?,?,00000439,00000001,?), ref: 20010491
                                                                                                                                                                    • CallWindowProcA.USER32(?,?,00000439,00000000,00000000), ref: 200104AB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSectionWindow$CallCapsDeviceEnterLeaveProcRect$CreateFillInflateVisible
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2999438029-0
                                                                                                                                                                    • Opcode ID: 06864057ed21ab5c661fafc8969307e2ebf22720d11011a53adaf25c5b81ed80
                                                                                                                                                                    • Instruction ID: d0e6dacd020f56cbf9d3ece12c7788de2392031da2c0025b97669ecbb6f24d4c
                                                                                                                                                                    • Opcode Fuzzy Hash: 06864057ed21ab5c661fafc8969307e2ebf22720d11011a53adaf25c5b81ed80
                                                                                                                                                                    • Instruction Fuzzy Hash: 68519C71A00609EFEB018FA1DC84ADE7BB9FF49311F218025F914AB265D7719A51CFD0
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_10000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: gzwritemalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2158187807-0
                                                                                                                                                                    • Opcode ID: 944d90a5d8ef9d4419a4c3d90931ab5b1558ec66b982e110dfbbbb29937b59b6
                                                                                                                                                                    • Instruction ID: 02c11efc60409aa6234cc579b6d1cbc64329a07be0726d661b33c67d64321d3a
                                                                                                                                                                    • Opcode Fuzzy Hash: 944d90a5d8ef9d4419a4c3d90931ab5b1558ec66b982e110dfbbbb29937b59b6
                                                                                                                                                                    • Instruction Fuzzy Hash: 0E4194B1704B414BF360CE2DA98075773E4EF902E4B120A2DF9A6C3799EF31E8868755
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateErrorInfo.OLEAUT32(?), ref: 2000706E
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 2000709C
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000002), ref: 200070E3
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000100), ref: 20007165
                                                                                                                                                                    • SetErrorInfo.OLEAUT32(00000000,?), ref: 20007190
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharErrorInfoMultiWide$Createlstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 312793348-0
                                                                                                                                                                    • Opcode ID: 427486fa7e4dd0b72f0eedf87bebac2c36c38436bd13e5cf6f2494e1a12c466d
                                                                                                                                                                    • Instruction ID: f679b3b4c3ff3538eb269b0598fdf06e9acd050e4b607cc241292ad6796c4c2a
                                                                                                                                                                    • Opcode Fuzzy Hash: 427486fa7e4dd0b72f0eedf87bebac2c36c38436bd13e5cf6f2494e1a12c466d
                                                                                                                                                                    • Instruction Fuzzy Hash: 6E514A75A00118EFEB10CF98C988E99B7BAFF48304F108294F509DB261CB74EE85DB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,000000C2,00000001,00000000), ref: 200082C0
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 200082C9
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 200082EF
                                                                                                                                                                    • SendMessageA.USER32(?,000000C2,00000001,?), ref: 20008317
                                                                                                                                                                    • SendMessageA.USER32(?,00002111,04000000,?), ref: 20008328
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$ByteCharMultiWidelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3855459609-0
                                                                                                                                                                    • Opcode ID: 20094d52014315d87dc596441e0ee695b577035d12def8aa90bc9cf500987162
                                                                                                                                                                    • Instruction ID: 8db75f90718dbb877d0b622e4eb1200b0ddbfb2b9da0ceeb9ee371d427569035
                                                                                                                                                                    • Opcode Fuzzy Hash: 20094d52014315d87dc596441e0ee695b577035d12def8aa90bc9cf500987162
                                                                                                                                                                    • Instruction Fuzzy Hash: 7C216B31600159EBFF209BD0CC84FDEBBBABB14754F1081A5F248B64A1DBB45E959B60
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,?,?,00000000,?,2001B862,SHELL32.DLL,2001EBDC,00000030,00000001,00000003,2001EB80,2001B131), ref: 2001B872
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,00000000,?,2001B862,SHELL32.DLL,2001EBDC,00000030,00000001,00000003,2001EB80,2001B131), ref: 2001B884
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,00000001), ref: 2001B89E
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,00000000,?,2001B862,SHELL32.DLL,2001EBDC,00000030,00000001,00000003,2001EB80,2001B131), ref: 2001B8C1
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,2001B862,SHELL32.DLL,2001EBDC,00000030,00000001,00000003,2001EB80,2001B131), ref: 2001B8D3
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,00000000,?,2001B862,SHELL32.DLL,2001EBDC,00000030,00000001,00000003,2001EB80,2001B131), ref: 2001B8DA
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$LeaveLibrary$AddressEnterFreeLoadProc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3499113-0
                                                                                                                                                                    • Opcode ID: 077c282657fd0d265de40770d042d7f083f269baae6d1fb72745875c423054a8
                                                                                                                                                                    • Instruction ID: 761b7d25bcd102446f13eccd372e95ef8b717f7c5b382716b83527eb6f0ef40a
                                                                                                                                                                    • Opcode Fuzzy Hash: 077c282657fd0d265de40770d042d7f083f269baae6d1fb72745875c423054a8
                                                                                                                                                                    • Instruction Fuzzy Hash: C3016D35604614EFFB119FA8C8849DEBBBDFF09B517004025F949CB211CB749C81DBA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDlgItem.USER32(75BF4D90,75BF4D90), ref: 2001275F
                                                                                                                                                                    • GetWindow.USER32(00000000), ref: 20012766
                                                                                                                                                                    • GetWindowTextA.USER32(00000000), ref: 2001276D
                                                                                                                                                                    • IsDBCSLeadByte.KERNEL32(00000000,00000000), ref: 2001279F
                                                                                                                                                                    • CharNextA.USER32(00000100,00000000), ref: 200127B0
                                                                                                                                                                    • CharNextA.USER32(00000100), ref: 200127B5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CharNextWindow$ByteItemLeadText
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1063216868-0
                                                                                                                                                                    • Opcode ID: ff4d6c4a667a65da6c18611bedbacb3707f4fff150970a24ce0a9b89ceeec1ab
                                                                                                                                                                    • Instruction ID: 6f18a4cb11845c39e45a5a38a50a638f212e07d4cd1c3cbcc28b75f2877bd3d9
                                                                                                                                                                    • Opcode Fuzzy Hash: ff4d6c4a667a65da6c18611bedbacb3707f4fff150970a24ce0a9b89ceeec1ab
                                                                                                                                                                    • Instruction Fuzzy Hash: E101923140C7826EF7225FA49848BDBFFE7AB8E250F184459F5D443192C2298CD6DB61
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 2001B911
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000E), ref: 2001B922
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000068), ref: 2001B92C
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 2001B936
                                                                                                                                                                    • GetStockObject.GDI32(0000000F), ref: 2001B959
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 2001B967
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CapsDevice$ObjectReleaseStock
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1363014740-0
                                                                                                                                                                    • Opcode ID: f3c2471b50dc4bea3dece477cd30103ff93331c85bc7a1344be379e2d1695d32
                                                                                                                                                                    • Instruction ID: c259ecfe6702637f05a31c970c1a3208fec64607b10a7dcdebf77e0a9ac13854
                                                                                                                                                                    • Opcode Fuzzy Hash: f3c2471b50dc4bea3dece477cd30103ff93331c85bc7a1344be379e2d1695d32
                                                                                                                                                                    • Instruction Fuzzy Hash: 49F0A97194CB90ABF7106F75DD89B9FBEA5F745721F10842AE106971A0D7FC4480EB50
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000000,20001F23,00000000,?,00000000,20018D04,?,?), ref: 20001F64
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,?,?,200181EA), ref: 20001F74
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 20001F80
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 20001F91
                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 20001F9B
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 20001FA5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CapsCriticalDeviceSection$EnterLeaveRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4120879447-0
                                                                                                                                                                    • Opcode ID: 8fbf6c32025ef101d1d719340fecddd419149e45f9fca53855d9cd3601d334fe
                                                                                                                                                                    • Instruction ID: 2d7e893104a6ef3b1c55868c38c2112d8381203a239d5c7af9925284508f7688
                                                                                                                                                                    • Opcode Fuzzy Hash: 8fbf6c32025ef101d1d719340fecddd419149e45f9fca53855d9cd3601d334fe
                                                                                                                                                                    • Instruction Fuzzy Hash: EBF0F870549A91ABF3212775CD5CFDF7F9EAB49312F014015F201961A1C7FC4841BA61
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20010B1F
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20010B25
                                                                                                                                                                      • Part of subcall function 20006F89: SendMessageA.USER32(?,00000434,00000000,20006DDE), ref: 20006FA4
                                                                                                                                                                      • Part of subcall function 20002CBE: SendMessageA.USER32(?,00000437,00000000,?), ref: 20002CDF
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 20010BA9
                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?,00000001,?), ref: 20010C24
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$InitMessageSend$ClearFreeTask
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1019402739-894760207
                                                                                                                                                                    • Opcode ID: 2152135cec5e214f152000e7f717e35ad6eb12273031ea59a83b4d9f87095f39
                                                                                                                                                                    • Instruction ID: 9a7edbc359fd0b763a8546d477adcde7a5fd5c2b359a38857850478328bd6e6f
                                                                                                                                                                    • Opcode Fuzzy Hash: 2152135cec5e214f152000e7f717e35ad6eb12273031ea59a83b4d9f87095f39
                                                                                                                                                                    • Instruction Fuzzy Hash: B231C6319046099BFB01EFA4C844EEFB3BAEF88314F008429F951A7250D7B59F85CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200190A2
                                                                                                                                                                    • VariantCopyInd.OLEAUT32(?,?), ref: 200190F3
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 2001914B
                                                                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 20019185
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$Copy$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1623089695-894760207
                                                                                                                                                                    • Opcode ID: 8abc453cd68cf362c9038a43bb367e643c27021a9618a8c998d6569613cbf8b2
                                                                                                                                                                    • Instruction ID: 8ee390461c297254352e80ac6f3f8a754e6edcd626e07858be74540ead540d82
                                                                                                                                                                    • Opcode Fuzzy Hash: 8abc453cd68cf362c9038a43bb367e643c27021a9618a8c998d6569613cbf8b2
                                                                                                                                                                    • Instruction Fuzzy Hash: D9316B3190020ABFFB219FD0DC59E8AB7AAEF89755B104425FA10C6121D335CAE1DB61
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(0000000A), ref: 2000E609
                                                                                                                                                                    • VariantChangeType.OLEAUT32(0000000A,0000000A,00000000,00000002), ref: 2000E61A
                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 2000E63C
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 2000E662
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,00000000,00000001), ref: 2000E6D4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ByteChangeCharFreeHeapInitMultiTypeWidelstrlen
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 4199993932-894760207
                                                                                                                                                                    • Opcode ID: dbb35f0df6f9ae38cacc359ed65aa1eb433aedfa802e27599ac7dafa80ebc4f6
                                                                                                                                                                    • Instruction ID: 47f8837da784d844e231b0796f8ab00bc9a631fc71f848566c59ba3a53212e9d
                                                                                                                                                                    • Opcode Fuzzy Hash: dbb35f0df6f9ae38cacc359ed65aa1eb433aedfa802e27599ac7dafa80ebc4f6
                                                                                                                                                                    • Instruction Fuzzy Hash: 0B31C52180D3D45FEB134BB08C14B9A3F75AF53254F1941DBE181DB0A3D6794D85CBA2
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200090E3
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000004), ref: 200090F5
                                                                                                                                                                      • Part of subcall function 20002946: GetDC.USER32(00000000), ref: 2000299E
                                                                                                                                                                      • Part of subcall function 20002946: GetDeviceCaps.GDI32(00000000,00000058), ref: 200029A9
                                                                                                                                                                      • Part of subcall function 20002946: ReleaseDC.USER32(00000000,00000000), ref: 200029B4
                                                                                                                                                                    • SendMessageA.USER32(?,0000043D,00000000,?), ref: 2000914A
                                                                                                                                                                    • SendMessageA.USER32(?,00000447,00000000,0000009C), ref: 2000918E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$CapsChangeDeviceInitReleaseType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 2696002778-894760207
                                                                                                                                                                    • Opcode ID: 74a3c7cc97a9127f13224049d8004456364d86fef35077c27c7c1356e98539c1
                                                                                                                                                                    • Instruction ID: c65ae6fd132aed1cecc64c5d7079ab585e5d9187f41047a613576bd55cce8f4b
                                                                                                                                                                    • Opcode Fuzzy Hash: 74a3c7cc97a9127f13224049d8004456364d86fef35077c27c7c1356e98539c1
                                                                                                                                                                    • Instruction Fuzzy Hash: 81312AB5A0020AEBFB10DBA1CC44FEEB7B9FB45304F1044A9EA45E7291D7749E06DB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • wsprintfA.USER32 ref: 200131F2
                                                                                                                                                                    • GetAtomNameA.KERNEL32(?,00000000,00000100), ref: 2001320D
                                                                                                                                                                    • lstrlenA.KERNEL32(?,00000000), ref: 20013218
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,2001E040,?,?,20010041,?,00000000), ref: 200076CA
                                                                                                                                                                      • Part of subcall function 200076B0: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 200076EB
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,20010041,?,00000000), ref: 20007704
                                                                                                                                                                      • Part of subcall function 20001763: HeapFree.KERNEL32(00000000,00000000,2000AA06,?), ref: 20001776
                                                                                                                                                                    • SysAllocString.OLEAUT32(20006EFE), ref: 20013259
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocByteCharMultiStringWide$AtomFreeHeapNamelstrlenwsprintf
                                                                                                                                                                    • String ID: %#8.8X
                                                                                                                                                                    • API String ID: 646797653-362921579
                                                                                                                                                                    • Opcode ID: d309f218268da40f5defe1d86b5dec9d233358d7301291db3e6039258a60c52e
                                                                                                                                                                    • Instruction ID: c36b75c2059f4738d0d603bd15a0b7f0ee68da81da58ef591307768d563f0925
                                                                                                                                                                    • Opcode Fuzzy Hash: d309f218268da40f5defe1d86b5dec9d233358d7301291db3e6039258a60c52e
                                                                                                                                                                    • Instruction Fuzzy Hash: 0621C531404205BFFB106FE4DC85BEAB7A9EF54320B208529F95997291DA38ADC5C7A0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SafeArrayCreate.OLEAUT32(00000008,00000001,?), ref: 20013534
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 2001356E
                                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(?,?,00000000), ref: 20013582
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 2001358C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ArraySafeString$AllocCreateElementFree
                                                                                                                                                                    • String ID: `<u
                                                                                                                                                                    • API String ID: 3180618122-3367579956
                                                                                                                                                                    • Opcode ID: 5858b18aadd22cc8aaf947c3bcd992c1f5a7d6c3592899a13ddb75b87672854d
                                                                                                                                                                    • Instruction ID: b505fc5817fac82da815bd6bd28a86d6279ef070ed74ec7c00f5dc2307df9abb
                                                                                                                                                                    • Opcode Fuzzy Hash: 5858b18aadd22cc8aaf947c3bcd992c1f5a7d6c3592899a13ddb75b87672854d
                                                                                                                                                                    • Instruction Fuzzy Hash: 71215E71900A05EFEB108F98C8C4A9DFBFAFF04714F508269E955AB251D374EE84DB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • inflateInit_.ZLIB1 ref: 10009092
                                                                                                                                                                      • Part of subcall function 10005810: inflateInit2_.ZLIB1(?,0000000F,?,?), ref: 10005821
                                                                                                                                                                    • inflate.ZLIB1(?,00000004,?,1.2.1,00000038), ref: 100090A6
                                                                                                                                                                    • inflateEnd.ZLIB1(?,?,?,1.2.1,00000038), ref: 100090BA
                                                                                                                                                                    • inflateEnd.ZLIB1(?,?,?,1.2.1,00000038), ref: 100090F2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_10000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: inflate$Init2_Init_
                                                                                                                                                                    • String ID: 1.2.1
                                                                                                                                                                    • API String ID: 3660615380-1740146382
                                                                                                                                                                    • Opcode ID: cca215a28c9433a1d647898f7c0b90932314d91e5febaaaa66e781293deb13c2
                                                                                                                                                                    • Instruction ID: f75d44696b2f5966ffd02f39490c8a9438990261473fd29bfeaa7ad3351098f9
                                                                                                                                                                    • Opcode Fuzzy Hash: cca215a28c9433a1d647898f7c0b90932314d91e5febaaaa66e781293deb13c2
                                                                                                                                                                    • Instruction Fuzzy Hash: 95116076A083029FD600DA58DC41A8FB7E4EFC42A4F45892DFA9C83298E731D945CB82
                                                                                                                                                                    APIs
                                                                                                                                                                    • deflateInit_.ZLIB1 ref: 1000117F
                                                                                                                                                                      • Part of subcall function 10003280: deflateInit2_.ZLIB1(00000038,00000038,00000008,0000000F,00000008,00000000,?,?,10001184), ref: 1000329C
                                                                                                                                                                    • deflate.ZLIB1(?,00000004,?,?,1.2.1,00000038), ref: 10001193
                                                                                                                                                                    • deflateEnd.ZLIB1(?,?,?,?,1.2.1,00000038), ref: 100011A7
                                                                                                                                                                    • deflateEnd.ZLIB1(?,?,?,?,1.2.1,00000038), ref: 100011CB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_10000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: deflate$Init2_Init_
                                                                                                                                                                    • String ID: 1.2.1
                                                                                                                                                                    • API String ID: 281832837-1740146382
                                                                                                                                                                    • Opcode ID: 0defd996588e008a31ea7f1af85491a09c81273c5daeaaf5b53a5ec589cf0d73
                                                                                                                                                                    • Instruction ID: 5bc91a08fe2c67527d0fed72d35ef44ed8ea3b807724fd9dd56085358688b2fb
                                                                                                                                                                    • Opcode Fuzzy Hash: 0defd996588e008a31ea7f1af85491a09c81273c5daeaaf5b53a5ec589cf0d73
                                                                                                                                                                    • Instruction Fuzzy Hash: B41151B5908301ABD344DF54D881B8BB7E4EF89294F80891DFA9887354E375D908CB93
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000000,CLSID,00000000,000F003F,00000000,00000000), ref: 20015DF1
                                                                                                                                                                      • Part of subcall function 200163F6: wsprintfA.USER32 ref: 2001640E
                                                                                                                                                                      • Part of subcall function 200163F6: RegOpenKeyExA.ADVAPI32(00000000,?,00000000,000F003F,20015E0F), ref: 2001642C
                                                                                                                                                                    • lstrcatA.KERNEL32(?,\InprocServer32), ref: 20015E21
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 20015E44
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Open$Closelstrcatwsprintf
                                                                                                                                                                    • String ID: CLSID$\InprocServer32
                                                                                                                                                                    • API String ID: 2457422185-941187341
                                                                                                                                                                    • Opcode ID: 421d6ecdeafba7a3949fbb9e8b42fa5933035e8b6ed2f508e25914954d080229
                                                                                                                                                                    • Instruction ID: 076a3cfc8f66f48a29c229718196a1b4258be2285231b0a62bd8df490912394a
                                                                                                                                                                    • Opcode Fuzzy Hash: 421d6ecdeafba7a3949fbb9e8b42fa5933035e8b6ed2f508e25914954d080229
                                                                                                                                                                    • Instruction Fuzzy Hash: F8112176905118AFFB249F94DC45BEDB7ACEB14721F104079FE44DA194DBB09EC09B50
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,2001E018,?,00000000,?,?,?,?,?,?,?,2000D27E,?,00000000), ref: 200057FD
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,00000000,?,?,?,?,?,?,?,2000D27E), ref: 2000580E
                                                                                                                                                                    • RegisterClassA.USER32(?), ref: 2000584B
                                                                                                                                                                    • CreateWindowExA.USER32(00000000,CtlFrameWork_Parking,00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 2000586F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$ClassCreateEnterLeaveRegisterWindow
                                                                                                                                                                    • String ID: CtlFrameWork_Parking
                                                                                                                                                                    • API String ID: 1697314133-1161816382
                                                                                                                                                                    • Opcode ID: c2050b7b21ab6701c37704b93dfbc5d1839e8f454715e015b26c3d9c9f774d0c
                                                                                                                                                                    • Instruction ID: 9e4000a8e791c22c9290491dc0a5a961c9b4bff73b0ed7e82ae2964070c13650
                                                                                                                                                                    • Opcode Fuzzy Hash: c2050b7b21ab6701c37704b93dfbc5d1839e8f454715e015b26c3d9c9f774d0c
                                                                                                                                                                    • Instruction Fuzzy Hash: 51014035509654ABF7118BD4CC88ECEFBBEEB09751B104025F601F2150D7F89984EBA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20019762
                                                                                                                                                                    • GlobalLock.KERNEL32(?), ref: 20019784
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,2001E040,?,?,20010041,?,00000000), ref: 200076CA
                                                                                                                                                                      • Part of subcall function 200076B0: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 200076EB
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,20010041,?,00000000), ref: 20007704
                                                                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 200197AA
                                                                                                                                                                    • ReleaseStgMedium.OLE32(?), ref: 200197BE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharGlobalMultiWide$AllocInitLockMediumReleaseStringUnlockVariant
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 4030431287-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000000,?,00000000,?,?,20019626,?,?), ref: 2001BDBB
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,20019626,?,?), ref: 2001BDD1
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,?,20019626,?,?), ref: 2001BE0F
                                                                                                                                                                      • Part of subcall function 2001B904: GetDC.USER32(00000000), ref: 2001B911
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,0000000E), ref: 2001B922
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,00000068), ref: 2001B92C
                                                                                                                                                                      • Part of subcall function 2001B904: GetDeviceCaps.GDI32(00000000,0000000C), ref: 2001B936
                                                                                                                                                                      • Part of subcall function 2001B904: GetStockObject.GDI32(0000000F), ref: 2001B959
                                                                                                                                                                      • Part of subcall function 2001B904: ReleaseDC.USER32(00000000,00000000), ref: 2001B967
                                                                                                                                                                    • CreatePalette.GDI32(00000000), ref: 2001BF53
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,20019626,?), ref: 2001BF64
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CapsDevice$CriticalHeapSection$AllocCreateEnterFreeLeaveObjectPaletteReleaseStock
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 193892252-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 20002BD3
                                                                                                                                                                    • SendMessageA.USER32(?,00000449,20002D00,2000C178), ref: 20002C3A
                                                                                                                                                                    • SendMessageA.USER32(?,00002111,04000000,?), ref: 20002C83
                                                                                                                                                                    • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 20002C9D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$lstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1172434978-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 20013D93
                                                                                                                                                                      • Part of subcall function 20006F89: SendMessageA.USER32(?,00000434,00000000,20006DDE), ref: 20006FA4
                                                                                                                                                                    • SendMessageA.USER32(?,00000303,00000000,00000000), ref: 20013DF0
                                                                                                                                                                    • SendMessageA.USER32(?,000000CD,00000000,00000000), ref: 20013E02
                                                                                                                                                                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 20013E29
                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000000), ref: 20013E36
                                                                                                                                                                      • Part of subcall function 20002CBE: SendMessageA.USER32(?,00000437,00000000,?), ref: 20002CDF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$InvalidateRect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2778011698-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 20004173
                                                                                                                                                                    • InterlockedDecrement.KERNEL32 ref: 200041A3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DecrementFreeInterlockedTask
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 589661591-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysAllocString.OLEAUT32(20006EFE), ref: 200076A3
                                                                                                                                                                      • Part of subcall function 2000319F: SendMessageA.USER32(?,0000044A,?,?), ref: 200031F1
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 2000765A
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 20007661
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 2000767C
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 20007681
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                     • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                     • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocByteCharMultiStringWide$FreeMessageSendTask
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 594946752-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysAllocString.OLEAUT32(20006EFE), ref: 20006B71
                                                                                                                                                                      • Part of subcall function 2000319F: SendMessageA.USER32(?,0000044A,?,?), ref: 200031F1
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 20006B28
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 20006B2F
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 20006B4A
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 20006B4F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocByteCharMultiStringWide$FreeMessageSendTask
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 594946752-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • OleCreateFontIndirect.OLEAUT32(00000020,20006460,?), ref: 2000F18A
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 2000F19B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFontFreeIndirectString
                                                                                                                                                                    • String ID: $`<u
                                                                                                                                                                    • API String ID: 2675116949-3739037735
                                                                                                                                                                    APIs
                                                                                                                                                                    • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 2001B4D6
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 2001B4E4
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 2001B52F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ArrayClearElementInitSafe
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1945510774-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20008B5B
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000008), ref: 20008B6D
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 20008BA0
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$MessageSend$ChangeClearInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 3896923540-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 20009654
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,2000938E,?,?,00000000), ref: 2000966D
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,2000938E,?,?,00000000), ref: 20009699
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$String
                                                                                                                                                                    • String ID: P?<u`<u
                                                                                                                                                                    • API String ID: 1441863543-3193948180
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,0000000E), ref: 20017E94
                                                                                                                                                                      • Part of subcall function 20017EC4: RegOpenKeyExA.ADVAPI32(80000000,CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32,00000000,00020019,?,?,00000000,00000000,?,20017E53,?,?), ref: 20017EE0
                                                                                                                                                                      • Part of subcall function 20017EC4: RegQueryValueExA.ADVAPI32(?,20006EFD,00000000,00000000,00000104,?,?,20017E53), ref: 20017F02
                                                                                                                                                                      • Part of subcall function 20017EC4: RegCloseKey.ADVAPI32(?,?,20017E53), ref: 20017F12
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?), ref: 20017E64
                                                                                                                                                                    • LoadLibraryA.KERNEL32(hhctrl.ocx,?,?), ref: 20017E7A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad$AddressCloseOpenProcQueryValue
                                                                                                                                                                    • String ID: hhctrl.ocx
                                                                                                                                                                    • API String ID: 2110907290-2298675154
                                                                                                                                                                    APIs
                                                                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 20019221
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00002000,?), ref: 20019232
                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 20019268
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Global$AllocFreeString
                                                                                                                                                                    • String ID: P?<u`<u
                                                                                                                                                                    • API String ID: 3294640647-3193948180
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,2001E040,?,?,20010041,?,00000000), ref: 200076CA
                                                                                                                                                                      • Part of subcall function 200076B0: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 200076EB
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,20010041,?,00000000), ref: 20007704
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 2001B2A4
                                                                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 2001B2B7
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiStringWide$AllocFreeInitVariant
                                                                                                                                                                    • String ID: `<u$p=<u
                                                                                                                                                                    • API String ID: 1719365766-870927761
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000000,CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32,00000000,00020019,?,?,00000000,00000000,?,20017E53,?,?), ref: 20017EE0
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,20006EFD,00000000,00000000,00000104,?,?,20017E53), ref: 20017F02
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,20017E53), ref: 20017F12
                                                                                                                                                                    Strings
                                                                                                                                                                    • CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32, xrefs: 20017ED6
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                    • String ID: CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
                                                                                                                                                                    • API String ID: 3677997916-4062393554
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000000,00000000,2001E1EC,?,?,?,200146B6,?,00000104), ref: 20016328
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,200146B6,?,00000104), ref: 20016334
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?,?,?,?,200146B6,?,00000104), ref: 20016348
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DirectoryWindowslstrcatlstrlen
                                                                                                                                                                    • String ID: \HELP
                                                                                                                                                                    • API String ID: 1183447047-613923795
                                                                                                                                                                    APIs
                                                                                                                                                                    • wsprintfA.USER32 ref: 2001640E
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(00000000,?,00000000,000F003F,20015E0F), ref: 2001642C
                                                                                                                                                                    • RegCloseKey.ADVAPI32(20015E0F), ref: 2001643D
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseOpenwsprintf
                                                                                                                                                                    • String ID: %s\InprocServer
                                                                                                                                                                    • API String ID: 3444493618-2974634110
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCapture.USER32 ref: 20008053
                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 20008065
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000084,00000000,?), ref: 20008088
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CaptureCursorMessageSend
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2274354095-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • MapWindowPoints.USER32(200181EA,00000000,?,00000002), ref: 20018D4E
                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 20018D58
                                                                                                                                                                    • SetCursorPos.USER32(?,?,?,?,?,?,?,?,?,200181EA), ref: 20018D9C
                                                                                                                                                                    • GetWindowRect.USER32(200181EA,?), ref: 20018DBD
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CursorWindow$PointsRect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 620265915-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 20017762: FindResourceA.KERNEL32(00000000,?,00000005), ref: 20017788
                                                                                                                                                                      • Part of subcall function 20017762: LoadResource.KERNEL32(00000000,00000000,?,?,?,200170CB), ref: 2001779B
                                                                                                                                                                      • Part of subcall function 20017762: LockResource.KERNEL32(00000000,?,?,?,200170CB), ref: 200177A6
                                                                                                                                                                      • Part of subcall function 20017762: EnterCriticalSection.KERNEL32(2001E018,?,?,?,200170CB), ref: 200177B8
                                                                                                                                                                      • Part of subcall function 20017762: CreateDialogIndirectParamA.USER32(00000000,00000000,20017877,00000000), ref: 200177D8
                                                                                                                                                                      • Part of subcall function 20017762: LeaveCriticalSection.KERNEL32(2001E018,?,?,?,200170CB), ref: 200177E6
                                                                                                                                                                      • Part of subcall function 20017762: GetLastError.KERNEL32(?,?,?,200170CB), ref: 200177F8
                                                                                                                                                                      • Part of subcall function 20017762: GetLastError.KERNEL32(?,?,?,200170CB), ref: 200177FE
                                                                                                                                                                      • Part of subcall function 20015339: LoadStringA.USER32(00000000,00000000,?,?), ref: 2001535B
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,2001E040,?,?,20010041,?,00000000), ref: 200076CA
                                                                                                                                                                      • Part of subcall function 200076B0: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 200076EB
                                                                                                                                                                      • Part of subcall function 200076B0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,20010041,?,00000000), ref: 20007704
                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 20017152
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 20017181
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 2001718E
                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 2001719B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeResourceTask$ByteCharCriticalErrorLastLoadMultiSectionStringWide$AllocCreateDialogEnterFindIndirectLeaveLockParamRectWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1267957661-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindow.USER32(00000000,00000003), ref: 20007B5D
                                                                                                                                                                    • SetWindowPos.USER32(00000000,?,00000000,00000000,00000000,00000000,00000013,?,00000001,?,00000000,?,20007B12), ref: 20007BB0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2353593579-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E018,00000000,75BFBA60,?,?,?,20011937,?,2001EAC0), ref: 2001257D
                                                                                                                                                                    • LoadRegTypeLib.OLEAUT32(00000001,00000002,?,?), ref: 200125A4
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E018,?,?,?,20011937,?,2001EAC0), ref: 200125AD
                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 200125E5
                                                                                                                                                                      • Part of subcall function 2001261D: SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 20012634
                                                                                                                                                                      • Part of subcall function 2001261D: lstrlenW.KERNEL32(?), ref: 2001268C
                                                                                                                                                                      • Part of subcall function 2001261D: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,00000002), ref: 200126B2
                                                                                                                                                                      • Part of subcall function 2001261D: wsprintfA.USER32 ref: 200126D3
                                                                                                                                                                      • Part of subcall function 2001261D: SendMessageA.USER32(?,00000143,00000000,?), ref: 200126EC
                                                                                                                                                                      • Part of subcall function 2001261D: SysFreeString.OLEAUT32(?), ref: 200126F5
                                                                                                                                                                      • Part of subcall function 2001261D: HeapFree.KERNEL32(00000000,?), ref: 2001271F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalFreeMessageSectionSend$ByteCharEnterHeapItemLeaveLoadMultiStringTypeWidelstrlenwsprintf
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2690994646-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCapture.USER32 ref: 20007ED0
                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 20007EE2
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000084,00000000,?), ref: 20007F06
                                                                                                                                                                    • SendMessageA.USER32(00000000,00000020,00000000,?), ref: 2000AD42
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend$CaptureCursor
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1709278250-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EB), ref: 2001511F
                                                                                                                                                                      • Part of subcall function 20005E1F: SetFocus.USER32(?,00000000,?,2000546C,00000001), ref: 20005E5D
                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EB), ref: 2001513B
                                                                                                                                                                    • MoveWindow.USER32(?,00000000,00000000,?,?,00000001), ref: 2001515B
                                                                                                                                                                    • DefWindowProcA.USER32(?,?,?,?), ref: 20015186
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$Long$FocusMoveProc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3429182166-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • SafeArrayCopy.OLEAUT32(?,00000014), ref: 2001B3B9
                                                                                                                                                                    • SafeArrayGetLBound.OLEAUT32(?,00000001,00000004), ref: 2001B3CF
                                                                                                                                                                    • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 2001B3E5
                                                                                                                                                                    • SafeArrayDestroy.OLEAUT32(00000000), ref: 2001B3F9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ArraySafe$Bound$CopyDestroy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2955241512-0
                                                                                                                                                                    • Opcode ID: 31e242db14f07c18191d7d8081ff07f89e4a7ab573370d2f3e6173e243a8438d
                                                                                                                                                                    • Instruction ID: 84acfad786cd6fdab95ec1104cc1200fb643c8c6bb0303a2982f0426bff26ad2
                                                                                                                                                                    • Opcode Fuzzy Hash: 31e242db14f07c18191d7d8081ff07f89e4a7ab573370d2f3e6173e243a8438d
                                                                                                                                                                    • Instruction Fuzzy Hash: 00112771A11609EFEB10DFAACC84BDABBF9EB04751F008429F505D6211E374EE95DB60
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(2001E040), ref: 2000FFC3
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 2000FFF2
                                                                                                                                                                    • LoadStringA.USER32(00000000,?,?,000000FF), ref: 20010020
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(2001E040), ref: 20010029
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterFreeLeaveLibraryLoadString
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2664926881-0
                                                                                                                                                                    • Opcode ID: 2d6370d4347369412d5adca23de74a474407187b28c30f02efdfc2f797748fb7
                                                                                                                                                                    • Instruction ID: cec72f72da2023989b7f3d3f40db62b1712aacb10791e81dcffa0abd2894dc28
                                                                                                                                                                    • Opcode Fuzzy Hash: 2d6370d4347369412d5adca23de74a474407187b28c30f02efdfc2f797748fb7
                                                                                                                                                                    • Instruction Fuzzy Hash: 1711E1729086429BF7119FA4DC85BBA77E9AF49300F100038F605D3180DBF8A880EB65
                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,2001E040,?,?,20010041,?,00000000), ref: 200076CA
                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 200076EB
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,20010041,?,00000000), ref: 20007704
                                                                                                                                                                    • CoTaskMemAlloc.OLE32(?,?,20010041,?,00000000), ref: 2000D487
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocByteCharMultiWide$StringTask
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4264692338-0
                                                                                                                                                                    • Opcode ID: 33490b0b7e4551cd03d0bc544043ebe92ba0a055af05705f51d75f7380b451e5
                                                                                                                                                                    • Instruction ID: 47b94bcbcd4579529639c9b2f0b3e3f7f142699613994c3f7b3a1762f0cdbacb
                                                                                                                                                                    • Opcode Fuzzy Hash: 33490b0b7e4551cd03d0bc544043ebe92ba0a055af05705f51d75f7380b451e5
                                                                                                                                                                    • Instruction Fuzzy Hash: 9201DB31108558BFB7115FAACC88CAF7FBEEBC66B17208626F91D82154D63A9D4096B0
                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(00000000,20015E3D,00000000,000F003F,?,00000000), ref: 20015FDE
                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 20016007
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 20016029
                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(00000104,20015E3D), ref: 20016035
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseDeleteEnumOpen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4142876296-0
                                                                                                                                                                    • Opcode ID: 1039f2e1eec0dd21759575bf8227a26f8f79c73f54c24309974930cd154791b8
                                                                                                                                                                    • Instruction ID: b8fc33f4b2883019bc74d8e9772bdc1717671fbd320a408c768de7ce4adca5f5
                                                                                                                                                                    • Opcode Fuzzy Hash: 1039f2e1eec0dd21759575bf8227a26f8f79c73f54c24309974930cd154791b8
                                                                                                                                                                    • Instruction Fuzzy Hash: C1010876505028BBEB119B90DC89DDEBF7EEF057A1F108165F549D5060D7708E90EA90
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,00000087,00000000,00000000), ref: 200176E0
                                                                                                                                                                    • GetParent.USER32(?), ref: 200176F6
                                                                                                                                                                    • GetWindow.USER32(?,?), ref: 2001770A
                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 20017715
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Window$LongMessageParentSend
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2571540958-0
                                                                                                                                                                    • Opcode ID: 7f8c14945a3002df4c6a7b2498dc384a63eb81e8d9b64d3a9d239e1fdbc5158b
                                                                                                                                                                    • Instruction ID: f956f134aeb44d2537bbdc088cc9c91421c5bf3e637ed700c24ac712da825d78
                                                                                                                                                                    • Opcode Fuzzy Hash: 7f8c14945a3002df4c6a7b2498dc384a63eb81e8d9b64d3a9d239e1fdbc5158b
                                                                                                                                                                    • Instruction Fuzzy Hash: 4CF0A435108604BBFB128F94CC44FDD7BB6BB45760F204121F61CE9190DB78E990AB50
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_10000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 8
                                                                                                                                                                    • API String ID: 0-4194326291
                                                                                                                                                                    • Opcode ID: 8c8c6019bd949c177f9985df8dea3d848898d3fce19b2db7bce5afac65fe486b
                                                                                                                                                                    • Instruction ID: 0aae1f5df41221bb82b5cd7b5ec8fbdd55025dabc2703c896c5bf848474adc7c
                                                                                                                                                                    • Opcode Fuzzy Hash: 8c8c6019bd949c177f9985df8dea3d848898d3fce19b2db7bce5afac65fe486b
                                                                                                                                                                    • Instruction Fuzzy Hash: 7361A370A04B019FE315CF2ED98065BF7E9FF88350F10862EE55A87A94E771E844CB81
                                                                                                                                                                    APIs
                                                                                                                                                                    • adler32.ZLIB1(00000000,00000000,00000000), ref: 10005F26
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018680631.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018657246.0000000010000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018708680.000000001000A000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018733457.0000000010010000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_10000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: adler32
                                                                                                                                                                    • String ID: $
                                                                                                                                                                    • API String ID: 406569104-227171996
                                                                                                                                                                    • Opcode ID: 681780efe892edd2a7d08545e45a8f12cf285499d3e5c30c65682bd8a0c058c0
                                                                                                                                                                    • Instruction ID: 3b31b3960cde4c1216138f6fc13a648dd839f1f00a163e5a221dd4dee18efe8b
                                                                                                                                                                    • Opcode Fuzzy Hash: 681780efe892edd2a7d08545e45a8f12cf285499d3e5c30c65682bd8a0c058c0
                                                                                                                                                                    • Instruction Fuzzy Hash: 35519CB16043448FEB54CF18DC8071ABBE2FB89390F50866EE9948F349D776D544CB92
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200109DD
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200109E3
                                                                                                                                                                      • Part of subcall function 20006F89: SendMessageA.USER32(?,00000434,00000000,20006DDE), ref: 20006FA4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InitVariant$MessageSend
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 4054711846-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InitMediumReleaseVariant
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 3431464538-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20008D5D
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,00000001,00000000,0000000B), ref: 20008D7A
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1961082493-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20008E08
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,00000001,00000000,0000000B), ref: 20008E25
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1961082493-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • OleGetIconOfClass.OLE32(?,00000000,00000001), ref: 20013104
                                                                                                                                                                    • ReleaseStgMedium.OLE32(?), ref: 20013131
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ClassIconMediumRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2051181860-3916222277
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20008C11
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,00000001,00000000,0000000B), ref: 20008C2E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1961082493-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 2000FC5A
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,00000001,00000000,0000000B), ref: 2000FCC3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 4161763844-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,00000030,FFFFFE00,00000000), ref: 20002ABD
                                                                                                                                                                    • SendMessageA.USER32(08000000,00000444,00000000,0000003C), ref: 20002AFF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                    • String ID: <
                                                                                                                                                                    • API String ID: 3850602802-4251816714
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200136E3
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,0000000A,00000000,00000003), ref: 200136F4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Variant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 4161763844-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200089FF
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000003), ref: 20008A11
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1961082493-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20008AA5
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000003), ref: 20008AB7
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1961082493-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 200087D6
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000004), ref: 200087E8
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1961082493-894760207
                                                                                                                                                                    APIs
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 20008CAF
                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,00000001,00000000,0000000B), ref: 20008CCC
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,0000043A,00000001,0000003C), ref: 2000885E
                                                                                                                                                                      • Part of subcall function 20008820: SendMessageA.USER32(?,00000444,00000001,0000003C), ref: 200088C1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3018782038.0000000020001000.00000020.00000001.01000000.00000009.sdmp, Offset: 20000000, based on PE: true
                                                                                                                                                                    • Associated: 00000010.00000002.3018757553.0000000020000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018812485.000000002001E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018837306.000000002001F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                    • Associated: 00000010.00000002.3018865673.0000000020030000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_20000000_Kernel Outlook PST Viewer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSendVariant$ChangeInitType
                                                                                                                                                                    • String ID: p=<u
                                                                                                                                                                    • API String ID: 1961082493-894760207